
SQL Products



       
Note: Many of these products may have changed names or companies, or may have been retired entirely. This list is provided mostly as a way to point you in the right direction.


Security Management


Idera SQLPermissions
Generates T-SQL scripts to move logins and permissions from one server to another. Moves either a single login or a group of logins. Generates permissions on a single database or across all databases. Provides a simple view of logins and permissions.
 read more ...


Idera SQL Compliance Manager

Idera's SQL compliance manager provides a powerful auditing and compliance solution for Microsoft SQL Server users. SQL compliance manager provides: low-overhead data collection, a central repository of audit data, a central management console, pre-defined compliance reports, an auditor's console for ad-hoc queries, reporting and forensic analysis, and efficient, secure data archival. read more ...


Lumigent Entegra

In addition to auditing data access, Entegra can also audit DML changes, and can audit and alert on DDL changes. And it does this without triggers. Entegra doesn't establish policies, but rather can confirm that policies are working - or indicate that changes are in order. read more ...


VigilEnt Audit Manager

Audits data modifications within SQL Server using stored procedures and triggers. read more ...



Patch Management


GFI LANguard

GFI LANguard Network Security Scanner audits network security and provides service pack & hot fix level, hostname, shares, logged on user name etc. for each network machine. It also does OS detection, password strength testing, detects registry issues and more. Allows you to remotely install security patches and service packs. Free for non-commercial use. read more ...


HFNetChkPro
Excellent tool for discovering and patching SQL Server instances. Of course, it also does operating system patches, as well as Exchange. Check the site for a complete list of supported products. read more ...


SPM2000
Service Pack Manager 2000 claims existing support for SQL Server 7 and 2000 as well as Windows NT/2000, Exchange, ISA Server, and Outlook. Be wary about the lack of multiple instance support. read more ...




UpdateExpert 
Promises SQL Server patch management, but it is not clear whether multiple instances are supported or whether patches can be applied remotely. The documentation claims SQL Server can only be scanned if the product is installed locally. read more ...

Code Generation


Olymars 
Free code generator from Microsoft. Can yield secure data objects through automated generation of best practices code. Also generates simple user interface code as well as stored procedures. read more ...


CodeCharge 
Code generator that supports ASP, ASP.NET, PHP, Perl, JSP, and ColdFusion code and works with almost any RDBMS. A good choice for new programmers learning to code or experienced developers who want to write CRUD (Create/Read/Update/Delete) applications quickly and securely. Generated code contains consistent input validation and data scrubbing. read more ...


Password Audit


NGSSQLCrack 
Utility to crack SQL Server passwords. Can be used to audit for weak passwords. read more ...



Authentication


Pyn Logic

Provides advanced authentication products for SQL Server including a two-factor authentication mechanism called Enzo. read more ...





Assessment





SecPoint
Appliance offers SQL Injection, Poodle, Heartbleed security checks and many others.
http://www.secpoint.com/penetrator.html

Imperva - Scuba

Scuba by Imperva is a free, lightweight Java utility that scans Oracle,
DB2, MS-SQL, and Sybase databases for known vulnerabilities and
configuration flaws. Based on its assessment results, Scuba creates
clear, informative reports with detailed test descriptions. Summary
reports, available in Java and HTML format, illustrate overall risk
level. With Scuba by Imperva, you are quickly on your way to meeting
industry-leading best practices for database configuration and
management.
 read more ...


WebInspect 
With WebInspect, auditors, compliance officers, and security experts can perform security assessments on Web applications and Web services. read more ...


Absinthe
Absinthe is a GUI-based tool that automates the process of downloading the schema and contents of a database that is vulnerable to Blind SQL Injection. Absinthe does not aid in the discovery of SQL Injection holes. This tool will only speed up the process of data recovery. read more ...


Burp Suite 
Burp Suite is an integrated platform for attacking web applications. It contains major upgrades of all the Burp tools, with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. Interesting, but the free version is limited. read more ...


Paros Application Proxy 
Paros proxy is capable of scanning applications for a multitude of security vulnerabilities including SQL Injection. Highly recommended. read more ...


NTO Spider 
NTOSpider is the first next-generation web application vulnerability scanner, providing automated vulnerability assessment with unprecedented accuracy and comprehensiveness. Able to quickly scan and analyze large complex web sites/applications, NTOSpider identifies application vulnerabilities as well as site exposure risk, ranks threat priority, produces highly graphical, intuitive HTML reports, and indicates site security posture by vulnerabilities and threat exposure. read more ...


Acunetix 
Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix WVS 2 crawls an entire website, launches popular web attacks (SQL Injection, Cross Site scripting etc.) and identifies vulnerabilities that need to be fixed. read more ...


Microsoft SQL Server Security Analyzer 
Tool to inspect a SQL Server installation and compare its configuration against Microsoft's security recommendations. read more ...


Microsoft Baseline Security Analyzer 
Microsoft's free security analysis tool scans for OS level patches as well as IIS and SQL Server patches and configuration errors. read more ...


NGSSQuirreL 
SQL Server scanner with script generator to create lockdown (and un-lockdown) scripts based on current configuration. read more ...


AppDetective Pro
Scan for SQL Server vulnerabilities. Perform Audits. Check permissions. Includes scheduled scans, online updates, and SQL Server instance scanning. read more ...


ISS Database Scanner 
SQL Server scanner that probes for vulnerabilities and produces reports. read more ...


eTrust Policy Compliance 
Can be used to audit for security policy compliance of SQL Servers and operating systems. read more ...


Encryption



Ingrian DataSecure 
DataSecure claims to automate much of the configuration and implementation process and it can now be deployed with complete application transparency—meaning applications don’t need to be altered to accommodate the changes dictated by encryption. read more ...


SQL-Shield 
SQL Shield improves the internal encryption of the MSSQL Server for T-SQL Code. SQL Shield protects stored procedures, triggers, functions and views from being decrypted by any existing decryptors. All encrypted code remains executable. read more ...


SafeJDBC 
A driver technology that allows plug-and-play encryption of SQL data without rewriting code. SafeJDBC automatically encrypts and decrypts the data on the fly, while using the existing application code. SafeJDBC Version 1.01 works with Windows NT/2000 Java applications accessing Microsoft SQL Server databases. (The pure ODBC version is still in development.) read more ...


XP_Crypt 
XP_CRYPT - Easy-to-use, affordable, and effective security solution for encrypting column and row data in MSSQL Server and Oracle. read more ...


dbLockdown
Ecatenate dbLockdown is a database tool to protect SQL Server and MSDE databases. The tool encrypts stored procedures, triggers, user defined functions and views. Database scripts encrypted are automatically archived and can be restored at any time. dbLockdown uses SQL Server's native encryption and therefore does not compromise the functionality of database scripts. Free evaluation available.  read more ...


Netlib Encryptionizer
Offers file-level and column-level database encryption.  read more ...


Protegrity
Actually, this product can enforce encryption, advanced auditing, role-based access, and more granular authorization than the native SQL Server offerings. Worth a look if you have very strict database security requirements. read more ...


DbEncrypt
Encrypt field-level data within SQL Server.  read more ...


SQL Lite Speed 
Encrypted and compressed SQL Server Backups. read more ...

Code Analysis

RATS 
RATS, the Rough Auditing Tool for Security, is a security auditing utility for C and C++ code. RATS scans source code, finding potentially dangerous function calls. The goal of this project is not to definitively find bugs (yet). The current goal is to provide a reasonable starting point for performing manual security audits. read more ...


FxCop 
Free tool from Microsoft to scan source code for flaws including security vulnerabilities. read more ...

Backup and Recovery

SQLSafe 
Idera’s SQLsafe Freeware Edition is a SQL Server database backup and recovery tool. SQLsafe Freeware Edition gives you a really high-performance backup and recovery engine, a scriptable interface (command line and XSP) and the ability to back up and compress any size and any number of databases, all for free. read more ...