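Evaluating commercial software.
AppDetectivePro divides the assessment process into four stages:
1. Identify the databases to be assessed, known as Discovery.
2. Run a Penetration Test that simulates an external attack by a hacker.
3. Log in to the database to run an internal Audit Test.
4. Generate the assessment report.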
AppDetectivePro is a network-based vulnerability assessment scanner that discovers database applications and assesses their security strength. AppDetectivePro uses industry best practices and proven security methodologies to locate, examine, report on and fix security holes and misconfigurations to protect organizations from internal and external database threats. From within AppDetectivePro, auditors, DBAs and other IT security professionals can leverage a “hacker’s point-of-view” to gain a unique perspective on an organization’s risk posture. It also ranks vulnerabilities by severity and risk level so that they can be fixed in a timely manner.
Some benefits to organizations running AppDetectivePro include:
Database discovery (asset/inventory discovery)
Database penetration testing (non-credentialed, outside-in scans, i.e. hacker’s view)
Database auditing (credentialed scans)
Job/scan scheduling
Support for all major database platforms
Consistent baselining and repeatability
Significant time savings vs. script-based scanning
Database vulnerability remediation scripts
Industry-leading vulnerability knowledgebase
Comprehensive reporting including automatic delivery
Industry-leading team of dedicated database vulnerability researchers, allowing Application Security, Inc. to update AppDetectivePro every 30 days
Additionally, AppDetectivePro helps organizations to verify they are following compliance and regulatory requirements, including: PCI Data Security Standard, HIPAA, GLBA, California Security Breach Information Act (SB 1386), Sarbanes-Oxley Act, Basel II, ISO 27001/17799, DISA-STIG, FISMA, NIST 800-53, PIPEDA, Canada’s Bill 198, and MITS.