FAQs‎ > ‎

SQL Products



        Security Management

Idera SQLPermissions
Generates TSQL scripts to move logins and permissions from one server to another. Moves either a single log-in or group of logins. Generates permissions on a single database or across all databases. Provides a simple view of logins and permissions.
 read more ...


Idera SQL Compliance Manager

Idera's SQL compliance manager provides a powerful auditing and compliance solution for Microsoft SQL Server users. SQL compliance manager provides: low overhead data collection, a central repository of audit data, a central management console, pre-defined compliance reports, an auditors console for ad-hoc queries, reporting and forensic analysis, and efficient, secure data archival. read more ...


Lumigent Entegra

In addition to auditing data access, Entegra can also audit DML changes, and can audit and alert on DDL changes. And it does this without triggers. Entegra doesn't establish policies, but rather can confirm that policies are working - or indicate that changes are in order. read more ...


VigilEnt Audit Manager

Audits data modifications within SQL Server using stored procedures and triggers. read more ...



Patch Management


GFI LANguard

GFI LANguard Network Security Scanner audits network security and provides service pack & hot fix level, hostname, shares, logged on user name etc. for each network machine. It also does OS detection, password strength testing, detects registry issues and more. Allows you to remotely install security patches and service packs. Free for non-commercial use. read more ...

HFNetChkPro - Wednesday, December 11, 2002
Excellent tool for discovering and patching SQL server instances. Of course, it all does operating system patches and as well Exchange. Check the site for a complete list of supported products. read more ...

SPM2000 - Wednesday, December 11, 2002
Service Pack Manager 2000 claims existing support for SQL Server 7 and 2000 as well as Windows NT/2000 Exchange, ISA Server, and Outlook. Be wary about lack of multiple instance support. read more ...

UpdateExpert - Wednesday, December 11, 2002
Promises SQL Server patch managment but it is not clear whether multiple instances are support or if they can be applied remotely. The documentation claims SQL Server can only be scanned if the product is installed locally. read more ...
Code Generation


Olymars 
Free code generator from Microsoft. Can yield secure data objects through automated generation of best practices code. Also generates simple user interface code as well as stored procedures. read more ...


CodeCharge 
Code Generator that supports ASP, ASP.NET, PHP, Perl, JSP, ColdFusion code and works with most any RDBMS system. A good choice for new programmers learning to code or experienced developers who want to write CRUD (Create/Read/Update/Delete) applications quickly and securely. Generated code contains consistent input validation and data scrubbing. read more ...
Password Audit


NGSSQLCrack 
Utility to crack SQL Server passwords. Can be used to audit for weak passwords. read more ...
Authentication


Pyn Logic

Provides advanced authentication products for SQL Server including a two-factor authentication mechanism called Enzo. read more ...
Assessment


Imperva - Scuba

Scuba by Imperva is a free, lightweight Java utility that scans Oracle,
DB2, MS-SQL, and Sybase databases for known vulnerabilities and
configuration flaws. Based on its assessment results, Scuba creates
clear, informative reports with detailed test descriptions. Summary
reports, available in Java and HTML format, illustrate overall risk
level. With Scuba by Imperva, you are quickly on your way to meeting
industry-leading best practices for database configuration and
management.
 read more ...


WebInspect - Sunday, July 09, 2006
With WebInspect, auditors, compliance officers, and security experts can perform security assessments on Web applications and Web services. read more ...

Absinthe - Sunday, July 09, 2006
Absinthe is a gui-based tool that automates the process of downloading the schema & contents of a database that is vulnerable to Blind SQL Injection. Absinthe does not aid in the discovery of SQL Injection holes. This tool will only speed up the process of data recovery. read more ...

Burp Suite - Sunday, July 09, 2006
Burp suite is an integrated platform for attacking web applications. It contains major upgrades of all the burp tools, with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. Interesting but the free version is limited. read more ...

Paros Application Proxy - Sunday, July 09, 2006
Paros proxy is capable of scanning applications for a multitude of security vulnerabilities including SQL Injection. Highly recommended. read more ...

NTO Spider - Sunday, July 31, 2005
NTOSpider is the first next-generation web application vulnerability scanner, providing automated vulnerability assessment with unprecedented accuracy and comprehensiveness. Able to quickly scan and analyze large complex web sites/applications, NTOSpider identifies application vulnerabilities as well as site exposure risk, ranks threat priority, produces highly graphical, intuitive HTML reports, and indicates site security posture by vulnerabilities and threat exposure. read more ...

Acunetix - Sunday, July 31, 2005
Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix WVS 2 crawls an entire website, launches popular web attacks (SQL Injection, Cross Site scripting etc.) and identifies vulnerabilities that need to be fixed. read more ...

Microsoft SQL Server Security Analyzer - Friday, June 25, 2004
Tool to inspect a SQL Server installation and compare its configurating against Microsoft's security recommendations. read more ...

Microsoft Baseline Security Analyzer - Friday, June 25, 2004
Microsoft's free security analysis tool scans for OS level patches as well as IIS and SQL Server patches and configuration errors. read more ...

NGSSQuirreL - Wednesday, December 11, 2002
SQL Server scanner with script generator to create lockdown (and un-lockdown) scripts based on current configuration. read more ...

AppDetective Pro - Wednesday, December 11, 2002
Scan for SQL Server vulnerabilities. Perform Audits. Check permissions. Includes scheduled scans, online updates, and SQL Server instance scanning. read more ...

ISS Database Scanner - Monday, December 09, 2002
SQL Server scanner that probes for vulnerabilities and produces reports. read more ...

eTrust Policy Compliance - Monday, December 09, 2002
Can be used to audit for security policy compliance of SQL Servers and operating systems. read more ...
Encryption

Ingrian DataSecure - Saturday, November 13, 2004
DataSecure claims to automate much of the configuration and implementation process and it can now be deployed with complete application transparency—meaning applications don’t need to be altered to accommodate the changes dictated by encryption. read more ...

SQL-Shield - Sunday, December 28, 2003
SQL Shield improves the internal encryption of the MSSQL Server for T-SQL Code. SQL Shield protects stored procedures, triggers, functions and views from being decrypted by any existing decryptors. All encrypted code remains executable. read more ...

SafeJDBC - Wednesday, July 02, 2003
A Driver technoloy which allows a plug-and-lay encryption of SQL data without rewriting code. SafeJDBC automatically encrypts and decrypts the data on the fly, while using the existing application code. SafeJDBC Version 1.01 works with Windows NT/2000 Java applications accessing Microsoft SQL Server databases. (The pure ODBC version is still in development).  read more ...

XP_Crypt - Wednesday, May 28, 2003
XP_CRYPT - Easy-to-use, affordable, and effective security solution for encrypting column and row data in MSSQL Server and Oracle .  read more ...

dbLockdown 1.0 - Monday, January 20, 2003
Ecatenate dbLockdown 1.0 is a database tool to protect SQL Server and MSDE databases. The tool encrypts stored procedures, triggers, user defined functions and views. Database scripts encrypted are automatically archived and can be restored at any time. dbLockdown uses SQL Server's native encryption and therefore does not compromise the functionality of database scripts. Free evaluation available.  read more ...

Netlib Encryptionizer - Monday, December 09, 2002
Offers file-level and column-level database encryption.  read more ...

Protegrity - Monday, December 09, 2002
Actually, this product can enforce encryption, advanced auditing, role-based access, and more granular authorization than the nation SQL Server offerings. Worth a look if you have very strict database security requirements. read more ...

DbEncrypt - Monday, December 09, 2002
Encrypt field-level data within SQL Server.  read more ...

SQL Lite Speed - Monday, December 09, 2002
Encrypted and compressed SQL Server Backups. read more ...
Code Analysis

RATS - Sunday, July 09, 2006
RATS, the Rough Auditing Tool for Security, is a security auditing utility for C and C++ code. RATS scans source code, finding potentially dangerous function calls. The goal of this project is not to definitively find bugs (yet). The current goal is to provide a reasonable starting point for performing manual security audits. read more ...

FxCop - Thursday, November 04, 2004
Free tool from Microsoft to scan source code for flaws including security vulnerabilities. read more ...
Backup and Recovery

SQLSafe - Tuesday, August 28, 2007
Idera’s SQLsafe Freeware Edition is a SQL Server database backup and recovery tool. SQLsafe Freeware Edition gives you a really high-performance backup and recovery engine, a scriptable interface (command line and XSP) and the ability to backup and compress any size and any number of databases, all for free. read more ...