AppSentry Overview

AppSentry is a new generation of security scanner and vulnerability assessment tool. Unlike other security scanners, AppSentry knows the application it is validating – its technology and data model. The security audits and checks are written specifically for the application being tested. Hackers and mischievous employees often exploit security issues at different layers of the technology stack, thus only a complete and comprehensive security validation will uncover all risks in a multi-tiered environment

The advantage of AppSentry is you don't need separate tools for the operating system, web server, database, and application. AppSentry is a single tool that can validate and audit the security of the entire application technology stack from operating system to application layer.

AppSentry Features

Database and ERP Applications

Audits and checks all your key databases and ERP applications

Simple to Use

Task oriented GUI doesn't require database security expertise

Powerful Reporting

Findings, recommendations, exportable, compliance mappings (PCI, HIPAA, SOX, …)

ERP Full Stack

Audits the entire ERP application technology stack including database, application server, and application

Security Eco-System Integration

Integrates with your existing security and database tools

Zero Impact

Agentless installation with no performance impact

AppSentry Checks and Audits

AppSentry performs over 1,000 security audits and checks against the Oracle Database, Microsoft SQL Server, Oracle Fusion Middleware, and Oracle E-Business Suite. All technology components – operating system, web server, application server, and database – are analyzed as well as the application. The audits and checks are internal and external; some are performed through penetration testing while others are performed by accessing the file-system, database, and application.

Here is a sample of a few of the 1,000+ checks AppSentry performs -

Operating System
Standard Oracle accounts
UNIX and Windows security patches

Web Server
Apache configuration (http.conf)
Apache logging (http.log)
Apache virtual directories
Apache and JServ security patches
SSL configuration
Oracle support cgi-bin scripts
PLSQL Cartridge exploits

Application Server
Forms and reports security patches
SSL configuration

Database
Database accounts
Listener exploits
Database auditing (SYS.AUD$)
Database security patches
APPS permissions
APPLSYSPUB permissions
Database links

Oracle E-Business Suite
Application accounts
Users with Sysadmin responsibility
Application’s security patches
Application auditing
Password related profile options

AppSentry Specifications

AppSentry Targets

Oracle E-Business Suite 11.5.7 - 11.5.10 CU2
12.0
12.1
12.2
Sun Solaris (SPARC)
HP (HP/UX)
IBM (AIX)
Linux (all supported vendors)
Windows Server
Oracle Database 8i (8.1.7)
9i (9.0.1, 9.2)
10g (10.1, 10.2)
11g (11.1, 11.2)
12c (12.1)
Sun Solaris (SPARC and Intel)
HP (HP/UX and Tru64)
IBM (AIX)
Linux (all supported vendors)
Windows Server
Oracle Fusion Middleware 9iAS (1.0.2, 9.0.x)
10g (9.0.4, 10.1)
11g (11.1)
Sun Solaris (SPARC and Intel)
HP (HP/UX and Tru64)
IBM (AIX)
Linux (all supported vendors)
Windows Server
Microsoft SQL Server 2000
2005
2008
2008 R2
2012
2014
Windows Server 2000
Windows Server 2003
Windows Server 2008
Windows Server 2012

AppSentry requires no software or agents to be installed on the target database or application.  A valid database account with query-only privileges is required for both databases and applications.

AppSentry System Requirements

Operating System Microsoft Windows 2000 SP4
Microsoft Windows XP SP1
Microsoft Windows Vista
Windows 7
Windows 8
Windows 10
Windows Server (2003, 2008, 2012)
Other Software Adobe Acrobat 5.0 or later
Microsoft Internet Explorer 5.0 or later
Processor, RAM, Disk Intel Pentium or AMD CPU
1 GB RAM
500 MB Free Disk Space
Windows Privileges AppSentry does not require Administrator privileges to install or run
Database Drivers AppSentry requires no database
drivers to be installed

AppSentry Information