Connect with us

Hi, what are you looking for?



Application Security, Inc. Upgrades Database Audit & Security Products

Application Security Inc., announced product upgrades to its AppDetectivePro and DbProtect solutions this week at Oracle Open World in San Francisco.

Application Security, Inc.

Application Security Inc., announced product upgrades to its AppDetectivePro and DbProtect solutions this week at Oracle Open World in San Francisco.

Application Security, Inc.

AppDetectivePro 7, automates and streamlines the database audit process, providing enhanced contextual scanning and reporting capabilities that allow auditors to standardize their extensive processes.

The new capabilities in AppDetectivePro 7 reduce the manual effort and time associated with analyzing audit findings, and provide the ability to map audit control objectives to scan policies prior to running a scan. For organizations that require DIACAP compliance, AppDetectivePro 7 provides a built-in DISA-STIG (Defense Information Systems Agency Security Technical Implementation Guide) work plan framework that includes scan policies and questionnaire definitions for each database-specific version. This framework simplifies audits and reduces the time to compliance by consolidating all reporting requirements including CoBIT, COSO, and ISO 27002.

New AppDetectivePro 7 Capabilities Include:

• Work Plan Manager – Enables organizations to standardize the database audit process and control objectives, including the management of all questionnaires and scan policies.

• Questionnaire Editor – Allows users to pair business risk context with database scans. The questionnaire editor allows users to map control objectives to specific checks within their scan policies.

• Audit Findings Report – Delivers a database audit report, providing consolidated results for a complete audit that includes manual interview answers and scan results.

Advertisement. Scroll to continue reading.

• SHATTER Knowledgebase Update – Built-in knowledgebase updates of vulnerability and configuration checks from a database security research team.

• DISA-STIG Compliance – Provides a complete DISA-STIG Checklist Assessment, eliminating the need to run DISA’s SRR’s (Security Readiness Scripts), condensing all findings into one single report.

• Meets Regulatory Requirements – Meets compliance needs for regulations including HIPAA, SOX, FISMA, PCI-DSS, Mass 201 and more.


The company also announced that it has added a Rights Management Module to its flagship database security solution, DbProtect. The new module allows information security analysts, business managers, and database administrators (DBAs) to automate user entitlement reviews in enterprise database environments. The module helps organizations meet compliance regulations by mandating the implementation of strong access control measures, such as those required by the Payment Card Industry – Data Security Standard (PCI-DSS.)

“The new rights management module in DbProtect allows enterprise customers to quickly assess user entitlements and ensure the proper assignment of privileges,” said Josh Shaul, vice president of product management, AppSec.

The latest report from Verizon Business and the Secret Service identifies insiders as the cause of nearly half of all data breaches in 2009. By assessing database user rights and entitlements, enterprise organizations can enforce proper segregation of duties controls and ensure that employees, partners, and contractors only have access to the minimum amount of sensitive information necessary.

DbProtect allows organizations to secure data from internal and external threats and help meet regulatory compliance and audit requirements. DbProtect 6 is available immediately for Oracle and Microsoft SQL Server databases.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Artificial Intelligence

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...