Sentrigo intros Oracle database code analysis tool

CIOL Bureau

SAN MATEO, USA: Database security firm Sentrigo has made a free code analysis tool available for Oracle databases. The software, called FuzzOr, runs on Oracle database versions 8i and above and can be used to identify and remediate code vulnerable to SQL injection attacks.

The new utility allows PL/SQL programmers, database administrators (DBAs) and security professionals to identify and repair vulnerabilities that may be exploited via SQL injection and buffer overflow attacks, the most common techniques used by hackers to launch attacks on databases.

Exploitation of weaknesses in application code running on top of corporate databases is a common attack vector. By gaining access to application schemas, hackers or privileged insiders can tap into the database itself, where the organizational “crown jewels” reside. FuzzOr is one of the first tools designed to detect vulnerabilities in these applications, providing an additional level of database security.

“There are thousands of applications in use today, some from Oracle and many others from third parties, that may contain vulnerabilities that make the database subject to attack,” said Slavik Markovich, co-founder and CTO of Sentrigo. “With hackers using increasingly sophisticated techniques to attack databases, proactive testing conducted on a regular basis can help flag potential vulnerabilities that may otherwise go unnoticed.”

Sentrigo’s FuzzOr utility runs on Oracle database versions 8i and above to identify coding errors. A dynamic scanning tool, FuzzOr enables DBAs and security pros to test PL/SQL code inside Oracle stored program units. Once vulnerabilities are detected by FuzzOr, a programmer can then repair the PL/SQL code. In cases of legacy or complex applications where code changes and repairs are more difficult to implement, FuzzOr seamlessly integrates into Sentrigo’s Hedgehog software products, and automatically generates virtual patching to alert on or prevent attempts to exploit the discovered vulnerabilities.

Sentrigo’s Hedgehog products safeguard databases against all types of misuse, whether originating outside the organization or perpetrated by sophisticated insiders. Hedgehog software is easy to deploy and fully scalable from small localized installations to enterprise-wide usage and brings unprecedented levels of protection to databases.

Markovich concludes, “Our focus at Sentrigo has always been on delivering guidance and best practices for securing the database, protecting critical data and providing the best solutions available for database security. By releasing a tool such as FuzzOr, we hope to further demonstrate our innovative technological leadership and give back to the database user community as a whole.”

Sentrigo’s open source FuzzOr can be downloaded at no charge from the company’s website.
