Imperva launches vulnerability scanning tool

Imperva's scanning tool, Scuba, supports all major commercial databases

Data security specialist Imperva has launched a new free database vulnerability scanning tool designed to identify known document vulnerabilities and misconfigurations in production databases.

Scuba by Imperva supports all major commercial databases, is easy to download and use, and is safe because it does not try to run exploits, but instead looks for the conditions of specific vulnerabilities, according to the firm's marketing manager, Alan Norquist.

It scans for vulnerabilities that can enable SQL injection, buffer overflow and other attacks, and detects configuration problems such as unsafe processes and insecure passwords, said the firm.

"There are no open-source or free tools that do the same," explained Imperva's chief technology officer, Amichai Shulman. "So we thought there was a barrier for people wanting to get into database security but needing to get the budget allocation for assessments first."

The tool provides administrators with a summary report that includes a risk assessment of the database, together with the severity rating of vulnerabilities discovered and percentage of tests passed and failed. A further, more detailed Assessment Report is also available so administrators can prioritise action.

"Being able to find a good way of quantifying [the risks] and doing it in an organised fashion and showing it to management is something security customers wanted," said Norquist.