Free VS Commercial Database Vulnerability Scanning

Part of the vulnerability assessment process must include a vulnerability assessment of your databases.
And the sad reality is that while there are thousands of tools that focus on Web application and network security scanning, there are very few of them which are doing the same for databases.
Today we are comparing the results delivered by Scuba by Imperva - a free tool and NGSSQuirreL for SQL by Next Generation Security Software - a commercial tool.


















The tools comparison table
Here is a side-by-side comparison of functionality and results of both tools


The results
To provide the most impartial evaluation of the results, we have generated detailed reports of both tools as PFD files. You can review them and assess the quality yourself.


Conclusion
It is evident that the commercial tool beats the free Scuba in every area. But before you jump into a purchase, you need to assess your requirements and expectations.

So it is very advisable to get the free tool, run it in your environment and understand the results, so you can understand what is missing, and extend your search to a better tool


Talkback and comments are most welcome

Related posts
Thrown in the Fire - Database Corruption Investigation
Quick and Basic Security Assessment for Databases
SQL Server Bulk Import - BCP HOW TO

5 comments:

Gaiacom Wireless Networks said...

Useful information, good to know, thanks.

Reza's Techno-Science said...

nice info, buddy.thanks.

Aira Pratama said...

nice info, thanks for sharing

Sam Maron said...

Data protection should include a complete security assessment of internal and external operations to detect vulnerabilities and analyze threats before a security plan is formulated.
secure data room

Sunmugam Chidambaram said...


Good post like to Read More Like this
xender for pc

Designed by Posicionamiento Web