Application Security Inc. is rolling out a security scanner for MySQL, the open-source database from MySQL AB, and for Web applications.
AppDetective 3.2 for Web Applications and AppDetective 3.2 for MySQL are network-based vulnerability assessment scanners that locate and assess the security of network database applications.
Both Web applications and back-end databases can provide an easy way for intruders to exploit application vulnerabilities. To combat that potential, AppDetective can now check Web applications for susceptibility to XSS (Cross Site Scripting), SQL Injection and Parameter Manipulation attacks, among other holes.
For MySQL databases, the update brings a new set of security checks for Denial of Service, Password Strength, Application Integrity and Access Control configurations.
AppDetective supports Oracle Corp. databases, Microsoft Corp.s SQL Server, IBMs DB2 UDB (Universal Database), Sybase Inc.s databases, and Lotus Domino Mail and Web Server applications.
In addition, new operating system-level checks for DB2 examine all application-relevant files for vulnerabilities such as discrepancies between database file permissions and best-practice security policies. The upgrade also comes with a new class of checks for Lotus Domino to help scan for and fix holes caused by misconfiguration or weak passwords.
AppDetective 3.2 is available immediately. Pricing starts at $1,295 per unit under test.