Sentrigo announced FuzzOr, an open source fuzzing tool for Oracle databases designed to identify vulnerabilities in software applications written in PL/SQL. The new utility allows PL/SQL programmers, database administrators (DBAs) and security professionals to identify and repair vulnerabilities that may be exploited via SQL injection and buffer overflow attacks, the most common techniques used by malicious hackers to launch attacks on databases.
Exploiting weaknesses in application code running on top of corporate databases is a common attack vector. By gaining access to application schemas, hackers or privileged insiders can tap into the database itself, where the organizational “crown jewels” reside. FuzzOr is one of the first tools designed to detect vulnerabilities in these applications, providing an additional level of database security.
FuzzOr runs on Oracle database versions 8i and above to identify coding errors. A dynamic scanning tool, FuzzOr enables DBAs and security pros to test PL/SQL code inside Oracle stored program units. Once FuzzOr detects vulnerabilities, a programmer can repair the PL/SQL code. For legacy or complex applications where code changes and repairs are more difficult to implement, FuzzOr seamlessly integrates into Sentrigo’s Hedgehog software products and automatically generates virtual patching to alert on or prevent attempts to exploit the discovered vulnerabilities.
Sentrigo’s open source FuzzOr can be downloaded here.