Any vulnerability assessment process must include an assessment of your databases.
The sad reality is that while there are thousands of tools focused on Web application and network security scanning, very few do the same for databases.
Today we are comparing the results delivered by Scuba by Imperva, a free tool, and NGSSQuirreL for SQL by Next Generation Security Software, a commercial tool.
The tools comparison table
Here is a side-by-side comparison of the functionality and results of both tools.
To provide the most impartial evaluation of the results, we have generated detailed reports from both tools as PDF files. You can review them and assess the quality yourself.
- Here you can download and view a SCUBA PDF Database Vulnerability Detailed Scan of a SQL 2008 Express DBMS
- Here you can download and view an NGSSQuirreL PDF Database Vulnerability Detailed Scan of a SQL 2008 Express DBMS
It is evident that the commercial tool beats the free Scuba in every area. But before you jump into a purchase, you need to assess your requirements and expectations.
So it is advisable to get the free tool first, run it in your environment and study the results, so that you understand what is missing and can extend your search to a better tool.
Talkback and comments are most welcome.