Database



The relational database management system is the workhorse powering web applications and other business processes grounded in information technology. There are two aspects to protecting databases from exploits. First is the code that brings each application to life. Managing code-based vulnerabilities entails static line-by-line review or each program, coupled with dynamic scanning of finished applications such as with QualysGuard Web Application Security. But there's a "meat-and-potatoes" aspect to securing databases that also must not be ignored: Continuous monitoring of access controls and other settings that directly affect the database.



How Qualys Solutions Help You Protect Databases

Qualys solutions in the QualysGuard IT Security and Compliance Suite enable stronger security for relational databases.


QualysGuard Vulnerability Management provides the ability to remotely detect more than 540 vulnerabilities for database platforms including Oracle, Microsoft SQL Server, DB2, MySQL, and Postgres.


QualysGuard Policy Compliance also supports access control and database settings for the following relational database management systems:

The table below provides a small sample subset of access controls and database settings addressed by QualysGuard Policy Compliance for Oracle 11g. For a complete list of controls to this, or other database management systems, please contact us for more information.

Oracle 11g Database Control ID
(sample subset)
Statement Addressed by QualysGuard Policy Compliance
Access Control 1786 Current list of accounts having access to 'WITH GRANT' privilege
Access Control 1785 Current list of accounts having access to 'WITH ADMIN' privilege
Access Control 1784 Current list of accounts having access to 'X$' tables
Access Control 1556 Current list of accounts having privileges assigned directly (Guidance = None)
Access Control 1464 Current list of 'roles' that are not password protected (Guidance = None)
Access Control 1461 Revocation of the PUBLIC privilege within the DBMS_OBFUSCATION_TOOLKIT
Access Control 1354 Current list of accounts having access to the 'CREATE' privilege
Database Setting 3427 Status of the Oracle 'System Identifier' (SID)
Database Setting 3404 Current list of ORACLE accounts with 'PRIVATE_SGA' set to 'UNLIMITED'
Database Setting 3403 Status of the 'PRIVATE_SGA' setting
Database Setting 3395 Current list of 'ORACLE accounts with CPU_PER_SESSION set to UNLIMITED'
Database Setting 3392 Status of the 'CPU_PER_SESSION' setting
Database Setting 3391 Current list of 'ORACLE accounts with IDLE_TIME set to UNLIMITED'
Database Setting 3390 Status of the 'IDLE_TIME' setting (in minutes)
Qualys Solutions
Qualys Community
Free Tools & Trials
Free Trial

Nothing to install or download!

1 (800) 745 4355