AppSentry

tabs

Overview

Application and Database Security and Vulnerability Assessment

AppSentry is a new generation of security scanner and vulnerability assessment tool. Unlike other security scanners, AppSentry knows the application it is validating – its technology and data model. The security audits and checks are written specifically for the application being tested. Hackers and mischievous employees often exploit security issues at different layers of the technology stack, thus only a complete and comprehensive security validation will uncover all risks in a multi-tiered environment

The advantage of AppSentry is now you don't have to have separate tools for the operating system, web server, database, and application. AppSentry is a single tool that can validate and audit the security of the entire application technology stack from operating system to application layer.

Vulnerability Testing (External)

AppSentry uses advanced penetration testing techniques to discover security risks in the operating system, web servers, application servers, databases, and application. Tests for known exploits and configuration errors are performed externally to the application in an attempt to break-in. Common and well-known network ports, web server directories, and database accounts are probed to identify vulnerabilities in the configuration. Many of the tests are specific to the Oracle E-Business Suite, thus missed by most other security scanners. The password module will brute-force operating system, web server, database, and application authentication using either default passwords, dictionary attacks, or a password list.

Application Validation (Internal)

AppSentry knows the application and database it is validating – its technology and data model. The security audits and checks are written specifically for the application and database. Application validation looks at the entire application configuration and transaction processing to identify security risks and possible fraud. By pinpointing weaknesses in auditing and alerting to suspicious activity, AppSentry can spot risks missed by traditional vulnerability testing.

Evaluation

An evaluation version of AppSentry is available for download. Please contact the Integrigy Sales team for instructions on downloading the evaluation version of AppSentry.

Features

User Interface

AppSentry is simple and quick to use. The user interface has been designed for rapid adoption by auditors, DBAs, and security professionals. Features include a start page to return to recently accessed data, extensive documentation, and interactive help.
AppSentry provides a workflow from policy creation to scan execution to results review.

Scanning

AppSentry requires no software or agents to be installed - only a database account with query-only database privileges is required.
All required database drivers and client software is included, so no additional software is required on the AppSentry workstation.
Scans are fast and optimized for the database and application. All SQL statements have been optimized and tuned by our DBA team.

Reporting

AppSentry has over 50 reports available from vulnerability detail to audit information of the database, application server, and applications.
Reports can be viewed on-line, printed, or exported to many different formats (PDF, RTF, HTML, Excel, Word, CSV, Text, or XML).

Checks & Audits

AppSentry performs over 300 security audits and checks against the Oracle Database, Microsoft SQL Server, Oracle Fusion Middleware, and Oracle E-Business Suite. All technology components – operating system, web server, application server, and database – are analyzed as well as the application. The audits and checks are internal and external; some are performed through penetration testing while others are performed by accessing the file-system, database, and application.

Here is a sample of a few of the 300+ checks AppSentry performs -

Operating System
Standard Oracle accounts
UNIX and Windows security patches

Web Server
Apache configuration (http.conf)
Apache logging (http.log)
Apache virtual directories
Apache and JServ security patches
SSL configuration
Oracle support cgi-bin scripts
PLSQL Cartridge exploits

Application Server
Forms and reports security patches
SSL configuration

Database
Database accounts
Listener exploits
Database auditing (SYS.AUD$)
Database security patches
APPS permissions
APPLSYSPUB permissions
Database links

Oracle E-Business Suite
Application accounts
Users with Sysadmin responsibility
Application’s security patches
Application auditing
Password related profile options

Specifications

AppSentry Targets

Oracle E-Business Suite	11.5.7 - 11.5.10 CU2 12.0 12.1	Sun Solaris (SPARC) HP (HP/UX) IBM (AIX) Linux (all supported vendors) Windows Server
Oracle Database	8i (8.1.7) 9i (9.0.1, 9.2) 10g (10.1, 10.2) 11g (11.1, 11.2)	Sun Solaris (SPARC and Intel) HP (HP/UX and Tru64) IBM (AIX) Linux (all supported vendors) Windows Server
Oracle Application Server	9iAS (1.0.2, 9.0.x) 10g (9.0.4, 10.1) 11g (11.1)	Sun Solaris (SPARC and Intel) HP (HP/UX and Tru64) IBM (AIX) Linux (all supported vendors) Windows Server
Microsoft SQL Server	2000 2005 2008 2008 R2 2012	Windows Server 2000 Windows Server 2003 Windows Server 2008 Windows Server 2012

AppSentry requires no software or agents to be installed on the target database or application. A valid database account with query-only privileges is required for both databases and applications.

AppSentry System Requirements

Operating System	Microsoft Windows 2000 SP4 Microsoft Windows XP SP1 Microsoft Windows Vista Windows 7
Other Software	Adobe Acrobat 5.0 or later Microsoft Internet Explorer 5.0 or later
Processor, RAM, Disk	Intel Pentium or AMD CPU 512 MB RAM 120 MB Free Disk Space
Windows Privileges	AppSentry requires administrative privileges to install and run
Database Drivers	AppSentry requires no database drivers to be installed

Main menu

AppSentry

tabs

Application and Database Security and Vulnerability Assessment

Vulnerability Testing (External)

Application Validation (Internal)

Evaluation

User Interface

Scanning

Reporting

AppSentry Targets

AppSentry System Requirements

About Integrigy

Products & Services

Security Resources

Integrigy Mailing List

Search form

You are here

AppSentry

tabs

Application and Database Security and Vulnerability Assessment

Vulnerability Testing (External)

Application Validation (Internal)

Evaluation

User Interface

Scanning

Reporting

AppSentry Targets

AppSentry System Requirements

About Integrigy

Products & Services

Security Resources