Tool Tests DB2 Security

By Lisa Vaas  |  Posted 2003-01-07 Print this article Print

AppDetective scans applications and performs penetration tests and security audits on IBM database apps.

Application Security Inc. on Monday rolled out an IBM DB2 version of its AppDetective application security vulnerability scanner. The scanning and penetration-testing software performs network-based penetration tests and security audits. AppDetective locates and identifies a variety of applications within a network, including those running on DB2 and Lotus Domino databases, as well as on databases from Oracle Corp., Microsoft Corp. and Sybase Inc. The software presents version numbers, patches and other inventory-specific information for use in security analysis. Security audits can be performed on target DB2 databases remotely from laptops or desktops. The tool produces reports with instructions on how to fix vulnerabilities with reference links to database vendors sites to ease the task of securing patches.
Aaron Newman, ASIs Chief Technology Officer, said that as IBM gains database market share with DB2, the need for securing these databases is growing. "With more organizations relying on IBM DB2 to store their most critical information, properly securing and keeping a watch over these databases is important," said Newman, in a statement. "AppDetective for IBM DB2 is an automated vulnerability assessment application scanner that empowers security practitioners and database administrators with an all-in-one solution to discover rogue DB2 installations [and to] check for accounts with weak passwords, misconfigurations and vulnerabilities."
ASI, of New York, already markets the tool for use with Domino, Oracles namesake database, Microsoft SQL Server and Sybase ASE databases. Officials said that the company soon will release versions of AppDetective for MySQL, Oracle Application Server, Microsoft Exchange and IBM WebSphere. Free evaluation versions of ASI products are available at ASIs Web site. AppDetective for DB2 sells for $1,295 per database instance, with an additional 20 percent for maintenance, which includes a continuously updated library of vulnerabilities and misconfigurations.
Lisa Vaas is News Editor/Operations for and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel