Application and Database Security and Vulnerability Assessment
AppSentry is a new generation of security scanner and vulnerability assessment tool. Unlike other security scanners, AppSentry knows the application it is validating – its technology and data model. The security audits and checks are written specifically for the application being tested. Hackers and mischievous employees often exploit security issues at different layers of the technology stack, thus only a complete and comprehensive security validation will uncover all risks in a multi-tiered environment
The advantage of AppSentry is now you don't have to have separate tools for the operating system, web server, database, and application. AppSentry is a single tool that can validate and audit the security of the entire application technology stack from operating system to application layer.
Application Validation (Internal)
AppSentry knows the application and database it is validating – its technology and data model. The security audits and checks are written specifically for the application and database. Application validation looks at the entire application configuration and transaction processing to identify security risks and possible fraud. By pinpointing weaknesses in auditing and alerting to suspicious activity, AppSentry can spot risks missed by traditional vulnerability testing.
Vulnerability Testing (External)
AppSentry uses advanced penetration testing techniques to discover security risks in the operating system, web servers, application servers, databases, and application. Tests for known exploits and configuration errors are performed externally to the application in an attempt to break-in. Common and well-known network ports, web server directories, and database accounts are probed to identify vulnerabilities in the configuration. Many of the tests are specific to the Oracle E-Business Suite, thus missed by most other security scanners. The password module will brute-force operating system, web server, database, and application authentication using either default passwords, dictionary attacks, or a password list.
An evaluation version of AppSentry is available for download. Please contact the Integrigy Sales team for instructions on downloading the evaluation version of AppSentry.