Application Security Inc.
Comprehensive tools, good documentation.
Not for the faint-hearted.
An interesting and potentially valuable product.
SummaryThe software supplied covered DbEncrypt for Microsoft SQL, DbEncrypt for Oracle and AppDetective. This is not a simple file encryption program, but a comprehensive tool kit with specific functionality to help you protect data and find vulnerabilities in your network and applications. These tools will not appeal to the casual user, but require the understanding and expertise of a competent systems administrator who is prepared to learn exactly how these tools could benefit the enterprise.
Comprehensive, well-written printed manuals are supplied for each program, supplemented by PDF versions and getting-started guides on the CD-Rom.
With the DbEncrypt program, the concept is that your corporate databases deserve extra protection. DbEncrypt enables you to encrypt database columns using a variety of algorithms in a manner which is callable from SQL and does not require setting up a particularly complex key-management system, although keys are involved.
The user interfaces do not look fancy, but of more relevance is the functionality that includes selective column encryption on a write-only basis (preventing the viewing of data written by other users), and the provision of a "restoration" account to provide a recovery mechanism that ensures you can get your data.
This is a well-considered product from those with a good understanding of enterprise databases, evident from the detail and facilities within the interfaces and even the manual that provides detailed information and a section on performance considerations.
AppDetective (and AppDetective for Web Applications) seeks to ascertain the security of applications within your network and help make it more resistant to hackers.
The principles of operation are detection (to ascertain your inventory of applications), penetration tests (to test applications against external attack and in line with security policies), and report generation (to document the findings and help you to develop a strategy for addressing relevant issues).
A job scheduler allows you to run tasks automatically and distributed tools enable a large organization to run tasks concurrently against different servers on the network.