Application Security, Inc., a provider of database security, risk, and compliance solutions for the enterprise, has announced that it will support Oracle's July 2009 CPU (critical patch update) for Oracle databases. The latest CPU contains 33 new security vulnerability fixes.
Application Security, Inc.'s products, including AppDetectivePro for auditors and IT advisors, and DbProtect for the enterprise, deliver comprehensive database security solutions. With every Oracle CPU, Application Security, Inc. uses a monthly process to enhance the AppDetectivePro and DbProtect solutions. Updates include monitoring filters for new security vulnerabilities, enabling customers to protect themselves during the deployment of new patches across their database infrastructure.
Of the 33 new vulnerability fixes, according to Application Security, Inc., four vulnerabilities were reported to Oracle by Team SHATTER, Application Security, Inc.'s global database security research team. Alex Rothacker, manager, Team SHATTER, R&D at Application Security, Inc., tells 5 Minute Briefing that "Team SHATTER consists of security professionals in the database field who try to find security flaws in existing databases and then communicate those to the database vendors. They also take this information and incorporate it into the Application Security products for improved security capabilities. The main vulnerability that Team SHATTER communicated to Oracle and which was included in the CPU dealt with SQL injections into Oracle Enterprise Manager. With this vulnerability, any user could gain access and execute code as though they were a systems administrator. This has now been corrected in the CPU."
Rothacker also said that "most of the other vulnerabilities that were corrected had to do with component technologies surrounding the core database, such as in the Oracle communications protocol, and in configuration management issues."