Sentrigo, Inc., a provider of database security software, today announced FuzzOr, an open source fuzzing tool for Oracle databases designed to find vulnerabilities in software applications written in PL/SQL code. The new utility is intended to allow PL/SQL programmers, DBAs and security professionals to identify and repair vulnerabilities that may be exploited via SQL injection and buffer overflow attacks, techniques used by hackers to launch attacks on databases.
"There are thousands of applications out there that have a lot of PL/SQL code that was never really tested for security vulnerabilities - not by the application developers and not by anyone else," Slavik Markovich, co-founder and CTO of Sentrigo, tells 5 Minute Briefing. According to the company, with hackers using increasingly sophisticated techniques to attack databases, proactive testing conducted on a regular basis can help alert organizations to potential vulnerabilities that might otherwise go unnoticed. "What we are trying to do is to provide DBAs and developers with a really simple tool to do an automatic testing of the PL/SQL code and to test for those vulnerabilities."
Sentrigo's FuzzOr utility runs on Oracle Database versions 8i and above to identify coding errors. A dynamic scanning tool, FuzzOr enables DBAs and security pros to test PL/SQL code inside Oracle stored program units. Once FuzzOr detects vulnerabilities, a programmer can repair the PL/SQL code. For legacy or complex applications where code changes and repairs are more difficult to implement, FuzzOr integrates with Sentrigo's Hedgehog software products and automatically generates virtual patches that alert on or prevent attempts to exploit the discovered vulnerabilities.
Sentrigo's open source FuzzOr can be downloaded at no charge from Sentrigo's website.