Timing, as they say, is everything.
As the furor over Oracle Corp.s new Unbreakable ad campaign grows, Application Security Inc. this week introduced the new version of its AppDetective, a security scanner specifically designed to look for vulnerabilities in Oracle databases.
Oracle, the Redwood Shores, Calif., database software maker, lately has been running a print advertising campaign that boasts its new 9i software is "unbreakable." The "Cant break it. Cant break in," tagline understandably has attracted quite a bit of attention from both crackers and the legitimate security community.
Critics say the claims of impenetrability are not only reckless but virtually impossible to prove. Attackers, meanwhile, have turned their attention toward Oracles own network as well as others with 9i back ends.
Into this fray comes now Application Security and Version 2.0 of its AppDetective for Oracle. The product is billed as an application-security scanner that is designed to perform penetration tests and vulnerability assessments against Oracle software.
AppDetective assesses the databases security posture and reports back to the administrator the version number, patches applied, operating system type and other information.
The New York-based company says that even security-ignorant users can perform penetration tests and security audits over the Internet with AppDetective.
"Oracle provides a rich set of security features, but claiming that it is unbreakable gives database administrators a false sense of security," said Aaron Newman, chief technology officer of Application Security. "Even the most vigilant administrators dont have the time and resources to properly lock down their Oracle databases."
Oracle officials have defended their security claims by saying that the "Unbreakable" label refers to the numerous independent security certifications the software has achieved.