Slide Show: 10 Free Database Security Tools
While many database protection suites are an expensive proposition, there are a number of free tools available to organizations seeking cost-effective ways to begin securing their databases.
While expensive products such as database activity monitoring suites and database encryption tools may be the only option for highly regulated organizations required to comply with security mandates, some organizations with no database security in place may find that free tools can be a great way to reduce security risks. Dark Reading takes a look at a wide range of free security tools that can help organizations discover, scan, assess, and protect their databases from attack.
Vendor: WinTestGear
Tool: MSSQL.DataMask
Tool Type: Data Masking
Using live data in test databases is a common but risky mistake that organizations make every day. This freeware gives developers the ability to mask data for development, testing, or outsourcing projects that involve SQL Server databases.
Vendor: Imperva
Tool: Scuba
Tool Type: Database Vulnerability Scanner
This free scanner offers 1,200 tests that look for common problems, such as weak passwords, known configuration risks, and missing patches on a range of database platforms.
Vendor: Application Security
Tool: AppDetectivePro
Tool Type: Database discovery/vulnerability scanner
In May, AppSec pledged to give away $1 million worth of one-year licenses for this audit and assessment tool. The tool performs database discovery, vulnerability assessment, and user rights review across numerous DBMS platforms.
Vendor: Open Source
Tool: Nmap/Zenmap
Tool Type: Vulnerability scanner
Though not database-specific per se, Nmap (and the GUI-based Zenmap) contains a number of extremely useful features that can scan for database instances and vulnerabilities.
Vendor: Portcullis Labs
Tool: BSQL Hacker
Tool Type: SQL Injection Tester
This is an automated SQL injection framework that facilitates blind SQL injection, time-based blind SQL injection, deep blind SQL injection, and error-based SQL injection attacks. Designed to test Oracle and MySQL databases, it can automatically extract all database data and schemas.
Vendor: GreenSQL
Tool: GreenSQL Express
Tool Type: Database Firewall
This free edition of the GreenSQL database firewall offers protection for one proxy and is compatible with SQL Server, MySQL, and PostgreSQL. In addition to database firewall controls, it enforces separation of duties and offers visibility into risky behaviors based on a risk-scoring matrix.
Vendor: ActiveCrypt
Tool: DB Defence
Tool Type: Database Encryption
The free version of this tool is limited to databases of 77 MB, but offers a slate of features that include strong encryption, protection of SQL from SQL Profiler, and the obfuscation of schemas, even from administrators.
Vendor: Special Ops Security
Tool: SQLRECON
Tool Type: Database Discovery Tool
The first step in securing databases is knowing where the heck they are. SQLRECON performs active and passive scans of a network to identify SQL Server instances.
Developer: Patrik Karlsson
Tool: Oracle Auditing Tools
Tool Type: Database Auditing
This open-source toolkit includes password-attack tools, command-line query tools, and TNS-listener query tools to test the security of Oracle database configurations.
Developer: Patrik Karlsson
Tool: OScanner
Tool Type: Database assessment framework
A Java-based Oracle assessment framework, this tool does SID enumeration, password tests, and enumeration of Oracle versions, roles, privileges, account hashes, password policies, and database links.