Call: +44 (0)1904 557620 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

PFCLScan - Version 3.0

PFCLScan Version 3.0 Dashboard and Single Page report

We are very excited to announce that we are currently working to have version 3.0 of PFCLScan our flagship database security scanner for the Oracle database. We will be ready for sale in September and this development is going really well. I just wanted to give a quick update on progress and a first discussion on the new updates / changes to be added for version 3.0.

The first major change that will not affect many people - in the sense that they will not really notice it - is that we re-wrote major parts of the Windows interface to use a more up to date screen components; this is around the Ribbon menus, the dockable windows and the results grids. This major re-write was stability and commitment to support of the interface. PFCLScan was working fine but some customers using Windows 10 builds 1709 and 1803 experienced some issues that could not be fixed as the components we used unfortunately had support stopped. So we committed quickly to a major re-write and this part is now complete.

Another major change to the interface / tool is the addition of plugins. Again most users will not notice this as its used in the background BUT we needed it to enable other features to be added more easily and we hope that most users will benefit from the plugins we plan to add. Actually a first version of Pugins is already there in version 2.0 but most people will not have noticed and in version 2.0 it was not flexible to allow new plugins to be run. The test database connection and the test server connection in the respective "manage database connections" and "manage server connections" screens were actually a first version of plugins. We have now re-written the plugin architecture and enabled it properly. So the two connection plugins for database and server are now proper plugins and could be dynamically replaced - why would you..:-) but you could.

A plugin in PFCLScan is actually just a normal PFCLScan project; so end users can create a new project to do something and add it to the plugins screen and then run it or they could substitute an existing plugin for theirs to customise what is run at the plugin time. We have added a number of "hook-points" to the interface and these are accessible via the plugins screen to configure. Each "Hook-point" represents a place in the interface where plugins can run. We provide standard plugins for each hook point BUT the end user can create their own if they wish and the interface will run them for you.

This creates a powerful interface as its possible to extend the scanner without changing it. Some of the hook points we already added are:

  • Test database connection

  • Test server connection

  • Before a scan

  • After a scan

  • After Error



We have provided plugins for these places and you can view them or change them; it's up to you. For instance the before a scan hook point is used to run a plugin that tests that the Oracle database user to be used for the scan has the correct permissions to run the scan. This is great as we get customers raising a ticket to say a scan errored and actually it was because the database user that they used was missing a permission. The permissions are covered in the manual of course.

Going forwards We plan to add many more plugins around many areas. A flavour is here:

  • Compare databases security - we can do this now but a plugin will be better

  • Compare scans - we can do this now but a plugin will be better

  • The new dashboard will be populated by a plugin

  • Convert a project to a plugin template

  • Allow us to implement more hands on tools - Forensics timeline, PL/SQL Code analysis, Audit Trail toolkit interface....

  • Find things, projects, policies, reports....

  • Many more


We have also added a new dashboard to the scanner to review all of the scans of databases that have taken place and all of the databases that have been scanned. This is a one stop shop to see the current average security state of all databases across the enterprise or a single database. The security is also been down into 8 distinct security categories and you can view the security progress in each category across the who database or for individual databases. You can also view the number of errors broken down across the whole database or categories and by severity from critical to medium.

The second major improvement to help you manage the security of all databases or individual databases is a new single page score report for a single database. This is a major tool for management to see at a very high level the security of a single database and how that security is broken down across 8 distinct categories of security issues in your databases. The report is also clever as it can suggest where the best improvements to overall database security can be gained by targeting your fixes - All of this in one page!!

The single page score report and the dashboard of course show the same details for each database.

Of course PFCLScan supports creating projects that allow you to scan multiple databases in one scan / project and as such there is also multi database version of the single page database security score report.

We have also been adding hundreds of new Oracle security checks to our scanner policies. We are also adding new reports and some new project types - more details to follow

Due to customer feedback; and whilst our reporting language is very simple and easy to create and write your own reports even if you are not a programmer
We will also add the ability to choose some simple customisations on the main database security report.

Version 3.0 will be released in September so if you have a valid license you will get a copy; Version 4.0 is also being developed and the roadmap for version 4.0 will include integration of our audit trail toolkit for activity monitoring of database engine use; This is called PFCLATK and is discussed here. We will also include SQL Server and Postgress and mySQL, MariaDB etc in version 4.0. This will be released in January 2020.

We have also been looking for new resellers for PFCLScan and some are signed up and will be added to the reseller page soon BUT we are interested to talk to any company who would like to represent PFCLScan in their region. Please contact me to discuss details and to become a reseller for us. One of the big advantages for you to reselling a database vulnerability scanner if you are a service company is that you can easily upset services such as help with policy, custom reports and of course help with correcting the issues located. Its a win-win for us and also for resellers.

Our license fees for Engagement, Pro and Enterprise licenses have been held for a number of years at their current levels and we will be adding a reasonable price increase in September to coincide with the release of Version 3.0. So buy now to get the lower license fees and if you buy a Pro or Enterprise license now you will get version 3.0 and version 4.0 updated versions when they are released.

Contact us now to book your online demo via webex or to purchase a license.

Thanks for listening!