Computer Network Defence Ltd


Database Vulnerability Scanners
Databases are often overlooked when it comes to security, providing a weak link to the wannabe attacker. A Database Administrator (DBA) may not have security at the forefront of their mind as they go about their business; in fact, they often introduce vulnerabilities through inappropriate roles within roles or privilege runaway. These products are designed to identify vulnerabilities and inappropriate configuration within databases, giving both the DBA and the Security Officer peace of mind about the security of their database.



 

AuditPro for Databases

Oracle, MS SQL

Network Intelligence (I) Pvt. Ltd.

Link Broken 02 Nov 04 http://www.nii.co.in/software/aporacle.html

A security auditing tool for Oracle and MS SQL Servers. It requires authentication to the back-end database using an account with read-only privileges to specific views and tables, in order to enumerate the security configuration of the databases. The tool checks for common misconfigurations in the initialization parameters, profiles, user and role privileges, weak passwords, etc. The policy-based checking allows you to configure the checks for your particular organization. Additionally, it also checks for missing patches, and provides a CVE compatible report about the vulnerabilities, risks, and associated countermeasures or patches.

COMMERCIAL

Information Updated: 19 Aug 2004


Oscanner

Oracle

cqure.net

http://www.cqure.net/tools.jsp?id=20

Oscanner is an Oracle assessment framework developed in Java. It has a plugin-based architecture and comes with a couple of plugins that currently do:
  - Sid Enumeration
  - Password tests (common & dictionary)
  - Enumerate Oracle version
  - Enumerate account roles
  - Enumerate account privileges
  - Enumerate account hashes
  - Enumerate audit information
  - Enumerate password policies
  - Enumerate database links

COMMERCIAL

Information Updated: 16 Nov 2004


AppSentry for Oracle

Oracle

Integrigy Corporation

http://www.integrigy.com/appsentry9i.htm

AppSentry for Oracle detects security risks and vulnerabilities within the Oracle Database and associated application. With over 100 audits and checks specifically written for the Oracle Database, AppSentry automates and streamlines the identification of vulnerabilities to an extent not previously possible.  AppSentry supports Oracle 8i, 9i, and 10g.

COMMERCIAL

Information Updated: 19 Jan 2004


AppDetective

IBM DB2, Oracle, MS SQL, Sybase, Lotus, MySQL

Application Security, Inc.

http://www.appsecinc.com/products/

Network-based penetration testing and security audit scanner that locates and assesses the security strength of applications within your network. AppDetective is armed with a revolutionary new security analysis methodology, and extensive knowledge base of database vulnerabilities that will empower you to locate, report, and even help fix your security vulnerabilities at your command.

COMMERCIAL

Information Updated: 13 Jan 2003


Symantec Enterprise Security Manager Database Module

Oracle / DB2

Symantec

http://www.symantec.com/region/can/eng/product/esm/databases/

The provided modules and policies protect Oracle and DB2 databases from known security vulnerabilities. The policies introduce new, database-specific executables and content, including modules to check password strength, patches, and unneeded services. Based on ISO 17799, the policies contain prepackaged Symantec security research, easing the burden of effective security policy development. Policies are designed for specific version combinations, such as Oracle 9i on Solaris 8, rather than for the least common denominator, protecting the confidentiality, integrity, and availability of your data.

COMMERCIAL

Information Updated: 16 Nov 2004


ISS Database Scanner

DB: Oracle, SQL Server, SyBase
Console: NT 

Internet Security Systems, Inc., Atlanta, Georgia

http://www.iss.net/products_services/enterprise_protection/vulnerability_assessment/scanner_database.php

Database Scanner offers security policy generation and reporting functionality, which instantly measures policy compliance and automates the process of securing critical online business data. Easy to install and use, Database Scanner runs independently of the database and quickly generates detailed reports with all the information needed to correctly configure and secure databases.

COMMERCIAL

Information Updated: 16 Nov 2004


CA Vulnerability Manager

Waiting for callback from Vendor

Computer Associates

http://www.ca.com/us/products/product.aspx?ID=4707

What is CA Vulnerability Manager?
CA Vulnerability Manager takes a distinct asset-based approach to vulnerability assessment. It helps you quickly understand what assets you have in your environment, along with the exposures to those assets. It explains how to fix the exposures and validates whether or not the fix has been installed.

What security challenges does it meet?
It helps you manage risk. The best way to prevent security incidents is to identify and remedy the vulnerabilities—fixing them before they are exploited and systems are compromised. CA Vulnerability Manager also helps you contain the costs associated with managing vulnerabilities by automating discovery, research and reporting.

What features does it offer?
CA Vulnerability Manager discovers assets and detects technologies, detects security vulnerabilities and exposures, assesses the risk to business critical assets, and measures your security risk posture and vulnerability mitigation progress.

What platforms does it support?
Windows

COMMERCIAL

Information Updated: 25 Oct 2007


NeXpose

Windows 2000, XP and Linux

Rapid7 Inc

http://www.rapid7.com/Product-Introduction.html

  - Wizard features - enhances ease of use for non-network professionals.
  - Continuous, real-time updates - ensures your environment has the latest vulnerability and exposure definitions.
  - Less than 1% false positive reporting - reduces time investigating false alerts.
  - Instant notifications, comparison reporting and AI technology - maximizes network protection.
  - Protocols, operating systems, databases and network infrastructure scans built-in - one integrated package.
  - An artificial intelligence engine - adapts assessment processes and routines for your environment.
  - An open-source plug-in development architecture - assembles a community of developers building new vulnerability tests.
  - Configurable reports with output formats from HTML to XML

COMMERCIAL

Information Updated: 09 Jan 2003


SQLdict

MS SQL Server

 

http://ntsecurity.nu/toolbox/sqldict/

"SQLdict" is a dictionary attack tool for SQL Server. It lets you test if the accounts are strong enough to resist an attack or not.

FREEWARE

Information Updated: 06 Nov 2000


NGSSQLCrack

MS SQL Server

Next Generation Security Software Ltd

http://www.nextgenss.com/products/database-security/ngs-sqlcrack.php

Weak passwords can render even the most secure systems vulnerable, but with NGSSoftware's innovative NGSSQLCrack you can guard against weak passwords that make your network susceptible to attack. This clever password cracking utility for Microsoft SQL server 7 and 2000 will identify User Accounts with weak passwords so they can be reset with stronger ones, thus protecting the overall integrity of your system.

NGSSquirrel For Oracle

 

http://www.nextgenss.com/products/database-security/ngs-squirrel-oracle.php

NGSSQuirreL for Oracle is our vulnerability assessment scanner that sets the standard. Developed with the help of the highly experienced NGSResearch Team, it has been specifically developed for use with Oracle Database Servers, allowing system administrators and security professionals to expose potential vulnerabilities. More than simply a scanner, it provides the capability to audit password quality, rectify identified threats and manage users and roles as well as system and object privileges. Indispensable.

NGSSquirrel For SQL

http://www.nextgenss.com/products/database-security/ngs-squirrel-sql.php

NGSSQuirreL for SQL Server is the scanner with a difference. It not only finds the weaknesses in security infrastructures, but also allows systems professionals to quickly and accurately evaluate the level of server exposure and eliminate vulnerabilities with ease.

Covering SQL Servers (7, 2000 & 2005) it comprehensively scans for every type of security threat and potential vulnerability, allowing system administrators and security professionals to take the necessary steps to keep their servers risk-free.


Last page update:  25 Oct 2007

Computer Network Defence Ltd
Information Security Consultancy and Recruiting
enquiries@securitywizardry.com 

Copyright © 2004 Computer Network Defence Ltd. All Rights Reserved.

PO Box 2680, Corsham, Wiltshire, SN13 0ZR, UK
Phone       0870 3219014
International +44 (0) 1225 811806