{"id":200756,"date":"2010-01-19T11:55:00","date_gmt":"2010-01-19T15:55:00","guid":{"rendered":"tag:blogger.com,1999:blog-7196788127833928948.post-650809091857978690"},"modified":"2010-01-19T11:55:00","modified_gmt":"2010-01-19T15:55:00","slug":"free-vs-commercial-database-vulnerability-scanning","status":"publish","type":"post","link":"https:\/\/mereja.media\/index\/200756","title":{"rendered":"Free VS Commercial Database Vulnerability Scanning"},"content":{"rendered":"<p>Part of the vulnerability assessment process must include a vulnerability assessment of your databases.<br \/>The sad reality is that while thousands of tools focus on Web application and network security scanning, very few do the same for databases.<br \/>Today we are comparing the results delivered by <a href=\"http:\/\/www.shortinfosec.net\/2009\/03\/quick-and-basic-security-assessment-for.html\">Scuba by Imperva<\/a> &#8211; a free tool, and <a href=\"http:\/\/www.ngssoftware.com\/products\/database-security\/ngs-squirrel-sql.php\">NGSSQuirreL for SQL by Next Generation Security Software<\/a> &#8211; a commercial tool.<\/p>\n<p><a onblur=\"try {parent.deselectBloggerImageGracefully();} catch(e) {}\" href=\"http:\/\/1.bp.blogspot.com\/_Hu1rpxRsqcU\/S1XlVP-ZkII\/AAAAAAAAAeM\/oEgdso-Tu1s\/s1600-h\/Scuba_Database_Vulnerability_Assessment.jpg\"><img decoding=\"async\" style=\"margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 256px; height: 212px;\" src=\"http:\/\/1.bp.blogspot.com\/_Hu1rpxRsqcU\/S1XlVP-ZkII\/AAAAAAAAAeM\/oEgdso-Tu1s\/s320\/Scuba_Database_Vulnerability_Assessment.jpg\" alt=\"\" id=\"BLOGGER_PHOTO_ID_5428497079093268610\" border=\"0\" \/><\/a><a onblur=\"try {parent.deselectBloggerImageGracefully();} catch(e) {}\" href=\"http:\/\/2.bp.blogspot.com\/_Hu1rpxRsqcU\/S1XlNv7U81I\/AAAAAAAAAeE\/7g1R-kui1B8\/s1600-h\/NGSSQuirreL_Database_Vulnerability_Assessment.jpg\"><img decoding=\"async\" style=\"margin: 0pt 0pt 10px 10px; 
float: right; cursor: pointer; width: 238px; height: 267px;\" src=\"http:\/\/2.bp.blogspot.com\/_Hu1rpxRsqcU\/S1XlNv7U81I\/AAAAAAAAAeE\/7g1R-kui1B8\/s320\/NGSSQuirreL_Database_Vulnerability_Assessment.jpg\" alt=\"\" id=\"BLOGGER_PHOTO_ID_5428496950231364434\" border=\"0\" \/><\/a><\/p>\n<p><span style=\"font-weight: bold;\">The tools comparison table<\/span><br \/>Here is a side-by-side comparison of the functionality and results of both tools.<\/p>\n<p><a onblur=\"try {parent.deselectBloggerImageGracefully();} catch(e) {}\" href=\"http:\/\/2.bp.blogspot.com\/_Hu1rpxRsqcU\/S1YGEWMgzAI\/AAAAAAAAAeU\/6El42dhW2oY\/s1600-h\/Comparison.jpg\"><img decoding=\"async\" style=\"margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 262px;\" src=\"http:\/\/2.bp.blogspot.com\/_Hu1rpxRsqcU\/S1YGEWMgzAI\/AAAAAAAAAeU\/6El42dhW2oY\/s320\/Comparison.jpg\" alt=\"\" id=\"BLOGGER_PHOTO_ID_5428533072589016066\" border=\"0\" \/><\/a><br \/><span style=\"font-weight: bold;\">The results<\/span><br \/>To provide the most impartial evaluation of the results, we have generated detailed reports of both tools as PDF files. 
You can review them and assess the quality yourself.<br \/><a href=\"http:\/\/sites.google.com\/site\/spirovskib\/files\/Database_Vulnerability_Scan_Summary_Report.pdf?attredirects=0&amp;d=1\"><br \/><\/a><\/p>\n<ul>\n<li><a href=\"http:\/\/sites.google.com\/site\/spirovskib\/files\/Database_Vulnerability_Scan_Detailed_Report.pdf?attredirects=0&amp;d=1\">Here you can download and view a SCUBA PDF Database Vulnerability Detailed Scan of a SQL 2008 Express DBMS<\/a><\/li>\n<li><a href=\"http:\/\/sites.google.com\/site\/spirovskib\/files\/NGSSQuirreL_Database_Vulnerability_Scan_Detailed_Report.pdf?attredirects=0&amp;d=1\">Here you can download and view a NGSSQuirreL PDF Database Vulnerability Detailed Scan of a SQL 2008 Express DBMS<\/a><\/li>\n<\/ul>\n<p><span style=\"font-weight: bold;\">Conclusion<\/span><br \/>It is evident that the commercial tool beats the free Scuba in every area. 
But before you jump into a purchase, you need to assess your requirements and expectations.<\/p>\n<p>So it is very advisable to get the free tool, run it in your environment and study the results, so that you understand what is missing and can extend your search to a better tool.<\/p>\n<p>Talkback and comments are most welcome.<\/p>\n<p>Related posts<br \/><a href=\"http:\/\/www.shortinfosec.net\/2008\/09\/thrown-in-fire-database-corruption.html\">Thrown in the Fire &#8211; Database Corruption Investigation<\/a><br \/><a href=\"http:\/\/www.shortinfosec.net\/2009\/03\/quick-and-basic-security-assessment-for.html\">Quick and Basic Security Assessment for Databases<\/a><br \/><a href=\"http:\/\/www.shortinfosec.net\/2008\/05\/sql-server-bulk-import-bcp-how-to.html\">SQL Server Bulk Import &#8211; BCP HOW TO<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Part of the vulnerability assessment process must include a vulnerability assessment of your databases. The sad reality is that while thousands of tools focus on Web application and network security scanning, very few do the same for databases. Today we are comparing the results delivered by Scuba 
[&hellip;]<\/p>\n","protected":false},"author":5679,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-200756","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts\/200756","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/users\/5679"}],"replies":[{"embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/comments?post=200756"}],"version-history":[{"count":0,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts\/200756\/revisions"}],"wp:attachment":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/media?parent=200756"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/categories?post=200756"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/tags?post=200756"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}