Oracle Security Scanner
We have developed a database vulnerability scanner called PFCLScan, which initially focused on scanning Oracle databases for vulnerabilities. We have many types of project template that allow scanning of Oracle databases and many other things, such as interviews, code analysis, APEX and E-Business Suite.
We will also add other databases such as MS SQL, PostgreSQL and MySQL, and other project types, as time goes on. The scanner is also being extended with additional projects and tools that are built into PFCLScan but are additional-cost options on top of the PFCLScan license. These tools are built into PFCLScan so that they can use the functionality of the core scanner. This means that we can maintain a single source code tree and use all of the features of the scanner engines and tools, while also providing simple GUI screens to show the data for each tool. We use PFCLScan plugins to provide the interface between each tool's custom GUI and the core engine stacks, and each tool can also use the core reporting tools. So whilst each tool is separate, it also uses the same core functionality.
Each additional tool can be purchased on its own, or you can purchase licenses for several other tools as well as PFCLScan. If you purchase PFCLScan and one or more other tools, those tools are available via the PFCLScan tools menu. If you buy licenses for one or more other tools but not for PFCLScan, then when you start up PFCLScan you are instead presented with a launcher to choose the applications that you have licensed.
The additional tools include:
- PFCLCode: This tool allows a detailed review of PL/SQL in a single schema or in all schemas. It reviews code for coding errors, SQL injection and many other types of issue.
- PFCLUserRights: Performs a detailed analysis of customer-created database users and Oracle default accounts. The tool also analyses privileges granted to users, as well as passwords, profiles, age and more.
- PFCLObfuscate: This product already exists as a command line tool. PFCLObfuscate now has a detailed GUI and a number of helper tools that let you choose a schema of PL/SQL to protect; by analysing the code and detailing all of the configuration that is needed, we get as close as possible to automated obfuscation.
- PFCLSFTK: If you have detected security issues in PL/SQL code that you do not own or control, PFCLSFTK can be used to resolve these problems. We have come across SQL injection bugs in canned applications many times when performing security audits. We developed this product to allow a thin barrier to be installed between COTS code and the users. This means we can block attacks without fixing the original code, whilst still allowing that code to be maintained and updated.
- PFCLSTK: Having a consistent approach to securing Oracle databases saves cost and time, and this is what this product provides. We provide a GUI-driven interface that lets you easily configure the security in your database and protect the data. The product includes a number of pre-defined toolkits that you can use and deploy to your databases.
- PFCLATK: This toolkit provides an easy-to-use, policy-based, centralised audit trail solution for all of your databases. It provides a handy admin interface to manage consistent audit trails in every database, and a dashboard to understand the current threats and activity across all of your databases.
- PFCLForensics: This is a unique product that allows you to perform incident response against any Oracle database in a predefined and safe way. It also provides tools to perform forensic analysis of the incident, so that artifacts can be easily presented on a timeline alongside other correlations.
- PFCLSEO: This product is not database-security specific but uses our core scanner technology. We use it ourselves on our own web sites, and it shows that the scanning engines are indeed generic and can be used for any automated task.
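To make the PFCLCode and PFCLSFTK descriptions above concrete, here is an added PL/SQL example (constructed for this page; it is not code from PFCLScan or any of the tools listed). It shows the kind of dynamic SQL a code review flags, the same lookup rewritten with a bind variable, and a thin wrapper of the sort a barrier layer places in front of code you cannot change. The `customers` table, the procedure names and the name format rule are all assumptions.

```plsql
-- Constructed example, not PFCLCode/PFCLSFTK code. Table, procedure names
-- and the allowed name pattern are assumptions made for illustration.

-- BEFORE: user input is concatenated straight into the statement text,
-- so the argument can change the structure of the query. A PL/SQL code
-- review tool reports the EXECUTE IMMEDIATE line below.
CREATE OR REPLACE PROCEDURE get_customer_unsafe (p_name IN VARCHAR2) IS
  l_sql    VARCHAR2(4000);
  l_count  PLS_INTEGER;
BEGIN
  l_sql := 'SELECT COUNT(*) FROM customers WHERE name = ''' || p_name || '''';
  EXECUTE IMMEDIATE l_sql INTO l_count;
  DBMS_OUTPUT.PUT_LINE('matches: ' || l_count);
END;
/

-- AFTER: the value is passed as a bind variable. Whatever the caller
-- supplies is compared as data and can never alter the statement.
CREATE OR REPLACE PROCEDURE get_customer_safe (p_name IN VARCHAR2) IS
  l_count  PLS_INTEGER;
BEGIN
  EXECUTE IMMEDIATE 'SELECT COUNT(*) FROM customers WHERE name = :1'
    INTO l_count USING p_name;
  DBMS_OUTPUT.PUT_LINE('matches: ' || l_count);
END;
/

-- BARRIER: when the unsafe procedure belongs to a COTS application and
-- cannot be edited, a wrapper validates the argument and only then calls
-- through. Users are granted EXECUTE on the wrapper, not on the original,
-- so the vulnerable code is never reached with an unchecked value.
CREATE OR REPLACE PROCEDURE get_customer_guard (p_name IN VARCHAR2) IS
  -- assumption: customer names here are letters, spaces and hyphens only
  c_allowed CONSTANT VARCHAR2(30) := '^[A-Za-z -]{1,50}$';
BEGIN
  IF p_name IS NULL OR NOT REGEXP_LIKE(p_name, c_allowed) THEN
    -- refuse and record; a real barrier would also write an audit row here
    RAISE_APPLICATION_ERROR(-20001, 'rejected customer name argument');
  END IF;
  get_customer_unsafe(p_name);
END;
/

-- Usage in SQL*Plus or SQLcl (expected behaviour, not captured output):
--   SET SERVEROUTPUT ON
--   EXEC get_customer_guard('Smith')      -- passes validation, prints a count
--   EXEC get_customer_guard('Sm''ith')    -- contains a quote, raises ORA-20001
```

The wrapper approach only works as a barrier if callers lose direct access to the original procedure; revoking EXECUTE on `get_customer_unsafe` from application users is part of deploying it, and the allow-list pattern should be derived from the real data rather than guessed.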
PFCLScan is a generic toolkit whose scanning engines can do almost anything you need. It includes many language engines in which to write checks, including SFTP, SSH, Windows shell, Lua, SQL, PL/SQL and more. To see this power in action we only need to look at PFCLScan itself. The "New Project" and "New Solution" actions use a simplified plugin to run the report tool, which in turn uses a template to create the actual solutions or projects. The test database connection also uses a plugin. A plugin is simply a PFCLScan project. The tool now has many predefined plugins that can be run from the plugins screen or from hook points, which means end users can easily replace a plugin, extend a plugin, or write a new one to do what they need.
We will be adding many more products to the toolkit over time so please watch this space.