Sentrigo Releases Free Fuzzing Utility for Oracle Database Applications

February 4, 2009

Database security innovator creates scanning utility to enable programmers, DBAs and security pros to check Oracle applications for vulnerabilities


SAN MATEO, Calif.—February 4, 2009—Sentrigo, Inc., the innovator in database security software, today announced FuzzOr, an open source fuzzing tool for Oracle databases designed to identify vulnerabilities found in software applications written in PL/SQL code. The new utility allows PL/SQL programmers, database administrators (DBAs) and security professionals to identify and repair vulnerabilities that may be exploited via SQL injection and buffer overflow attacks—the most common techniques used by hackers to launch attacks on databases.

Exploitation of weaknesses in application code running on top of corporate databases is a common attack vector. By gaining access to application schemas, hackers or privileged insiders can tap into the database itself, where the organizational “crown jewels” reside. FuzzOr is one of the first tools designed to detect vulnerabilities in these applications, providing an additional level of database security.

 
“There are thousands of applications in use today, some from Oracle and many others from third parties, that may contain vulnerabilities that make the database subject to attack,” said Slavik Markovich, co-founder and CTO of Sentrigo. “With hackers using increasingly sophisticated techniques to attack databases, proactive testing conducted on a regular basis can help flag potential vulnerabilities that may otherwise go unnoticed.”
 

Sentrigo’s FuzzOr utility runs on Oracle database versions 8i and above to identify coding errors. A dynamic scanning tool, FuzzOr enables DBAs and security pros to test PL/SQL code inside Oracle stored program units. Once vulnerabilities are detected by FuzzOr, a programmer can then repair the PL/SQL code. In cases of legacy or complex applications where code changes and repairs are more difficult to implement, FuzzOr seamlessly integrates into Sentrigo’s Hedgehog software products, and automatically generates virtual patching to alert on or prevent attempts to exploit the discovered vulnerabilities.
 

"FuzzOr is a useful tool in helping unearth exploitable vulnerabilities and plugging database security holes against malicious activities," said Pete Finnigan, a world-renowned authority on Oracle security. "Having had a chance to take a look at this utility to see what it can do, I would say that FuzzOr is a tool that must be part of the toolkit for DBAs and any security professional responsible for battling SQL injection, buffer overflow and other common attacks on the database. Traditional source code analysis tools are lacking in their availability for Oracle PL/SQL and this tool nicely fills the gap for testing your own PL/SQL or that of your application vendor."
 
Sentrigo’s Hedgehog products safeguard databases against all types of misuse, whether originating outside the organization or perpetrated by sophisticated insiders. Hedgehog software is easy to deploy and fully scalable from small localized installations to enterprise-wide usage and brings unprecedented levels of protection to databases.

Markovich concludes, “Our focus at Sentrigo has always been on delivering guidance and best practices for securing the database, protecting critical data and providing the best solutions available for database security. By releasing a tool such as FuzzOr, we hope to further demonstrate our innovative technological leadership and give back to the database user community as a whole.”

Sentrigo’s open source FuzzOr can be downloaded at no charge from the company’s website.

About Sentrigo

Sentrigo, Inc. is a recognized innovator in database security. The company’s Hedgehog software provides full-visibility database activity monitoring and real-time database protection and has been rapidly adopted by Fortune 1000 companies to defend mission-critical data against insider misuse as well as outsider intrusion. Enterprises across industry sectors are also using Sentrigo Hedgehog to accelerate compliance with regulatory requirements such as PCI DSS, Sarbanes-Oxley and HIPAA. Sentrigo has won wide acclaim for its industry and technology leadership by publications such as Network World and SC Magazine. For additional information and to download Hedgehog, visit www.sentrigo.com.
 

Sentrigo, Sentrigo Hedgehog, Hedgehog IDentifier and the Sentrigo logo are trademarks of Sentrigo, Inc. All other trademarks are the property of their respective holders.

 

# # #


 

Media Contacts:

Tim Whitman and Shweta Agarwal
Schwartz Communications, Inc.
781-684-0770
sentrigo@schwartz-pr.com