Application Security Inc. Rounds Out Database Protection Offering with Application Server Security

San Francisco, CA, NetSec Conference — June 16, 2004 — Application Security, Inc., the leading provider of proactive database security solutions, announced the latest release of its flagship database vulnerability assessment (VA) solution, AppDetective. This latest version supports application server, or middleware, vulnerabilities, specifically securing Oracle Application Server and Lotus Domino 6.5. With this latest release, AppSecInc continues to provide customers with the broadest application layer security services in a single integrated VA tool. AppDetective provides comprehensive protection for critical assets from the database and middleware applications to the Web application interface.

As an integral part of the enterprise database infrastructure, application servers are used to store business logic and data access services that are critical to running business operations. These “middleware” servers are becoming increasingly vulnerable to a variety of known security threats including misconfigurations, password attacks, worms, and Trojans. Recent breaches at BJ's Wholesale Club and Ingram Micro highlight how easily a hacker can breach these systems. News of more sophisticated breaches is on the rise across many industries worldwide.

“Today’s enterprise manages a wealth of data with real dollar value to a criminal or competitor,” said Rich Mogull, Security Analyst at Gartner. “There’s also been a recent onslaught of regulations with data protection requirements, including GLBA, HIPAA, Sarbanes-Oxley, the EU Data Protection Directives and California 1798 (formerly State Bill 1386). Security directors and vendors can recite this list without thought, and new regulations are on the way. None of these regulations specify specific security precautions, but all require the protection of enterprise data, which can’t be managed with perimeter security alone. Now is the time to protect our assets as well as we protect our walls and doors.”

AppDetective for Application Servers possesses the product’s trademark features such as discovery across all ports, comprehensive checks and tests, Role-Based Access, reporting across platforms, a distributed architecture, and scheduling. AppDetective for Application Servers accurately locates and identifies all Oracle Application Server or Lotus Domino installations within a network. Other features include non-intrusive attack simulations and an in-depth “agent-less” security audit.

“To truly protect data where it resides, customers need to protect the entire database,” said Ted Julian, vice president of marketing for AppSecInc. “Much like network security, database security involves securing several areas, including the application server. Our commitment to providing best-of-breed applications and database security products has led us to develop a holistic and layered approach which is easy for customers to implement.”

AppDetective for Application Servers allows customers to run the most complete checks and tests for middleware of any VA tool in the industry, such as:

Unauthorized Access: Middleware applications can be attacked directly through open ports, unnecessary services, and protocols.
Misconfigurations: The wrong mix of configuration settings can render an Oracle Application Server vulnerable to attack.
Denial of Service and Buffer Overflows: Direct attacks encompassing malicious application input.
Password Attacks: Against default and weak account/passwords.
Worms and Trojans: Unpatched servers and unnecessary services leave application servers open to these.

With the addition of Oracle Application Server and Lotus Domino 6.5 support, AppDetective allows for truly holistic enterprise-wide database security deployments. This enterprise solution allows for distributed scanning across different departments and business units.

As part of this release, the AppDetective for Web Apps module has also been upgraded to provide assessment of Oracle Application Server-specific pages for vulnerabilities such as SQL Injection and Cross Site Scripting.

Pricing and Availability
AppDetective for Oracle Application Server and Lotus Domino 6.5 is currently available. An evaluation version can be downloaded from the company’s website. For details on pricing, please call us at 1-866-927-7732.

About Application Security, Inc.
AppSecInc is the leading provider of database security solutions. AppSecInc products proactively secure applications by discovering, assessing, and protecting the database against rapidly changing security threats. By securing data at its source, we enable organizations to more confidently extend communications with other agencies, constituents, and partners. Our security experts, combined with our strong support team, deliver up-to-date database safeguards that minimize risk and eliminate its impact on business. Please contact us at 1-866-927-7732 to learn more, or visit us on the web.
