NT OBJECTives SQL Invader Tool Offers Free Vulnerability Testing
NT OBJECTives, a provider of web application security solutions, has just expanded its impressive portfolio of products with the release of the NTO SQL Invader tool. The user-friendly tool gives penetration testers and developers the power to identify and exploit SQL injection vulnerabilities contained within web applications. Such a tool could be deemed essential in today’s climate, as SQL injections have been used by cybercriminals to attack millions of sites in 2011 alone, leaving the critical data of many organizations at risk.
Contributed by wubayou Rating: / 1 December 14, 2011
Although the rush of SQL injection attacks has sparked the creation of several vulnerability testing tools, many are lacking in terms of functionality or usability. The actual exploitability of a vulnerability is often difficult to determine with such tools because most suffer the problem of being executed from a command line. Others offer clunky user interfaces, and some lack updated support. The lacking nature of existing SQL injection testing tools usually results in delays and conflicts between security and development departments. With NTO SQL Invader tool, these problems are alleviated, as penetration testers and developers can leverage a vulnerability in a swift and easy manner to view a back-end database’s list of records, tables, and user accounts.
NTO SQL Invader can be used by itself on a standalone basis, but it also integrates well with NT OBJECTives’ NTOSpider Dynamic Application Security Testing, or DAST, tool. Users can analyze and confirm results generated from NTOSpider and simultaneously solicit the help of NTO SQL Invader to offer additional information on the detected SQL injection vulnerabilities.
NTO SQL Invader’s intuitive user interface is one of its most appealing aspects. An injectable parameter or input can be detected by simply pasting the injectable request found by NTOSpider or another DAST tool into NTO SQL Invader and clicking the Start Detecting Injection option. Users can also input a more detailed request from NTOSpider’s report or BurpSuite directly into NTO SQL Invader.
The way in which NTO SQL Invader presents its findings is also impressive. The tool displays evidence of a vulnerability in a clear and concise manner that can be digested easily by either a technical or more business-minded audience. Furthermore, the data taken from SQL Invader can be transported with ease since it can be saved to a CSV file for use in a presentation.
Dan Kuykendall, co-CEO and CTO of NT OBJECTives, commented on NTO SQL Invader in the official press release: “Accurate vulnerability identification is a crucial and challenging task but it is only half the battle. We wanted to support organizations in their analysis and remediation efforts by providing an easy to use tool that enables penetration testers to demonstrate how these vulnerabilities can be exploited. We felt it was important to provide a free and useful tool to our customers and to the entire community.”
Additional information on NTO SQL Invader as well as a download link to the tool can be found by visiting the product’s official page at www.ntobjectives.com/sqlinvader.
Speedy Cash Chooses Confio for SQL Server Performance Management Needs
Speedy Cash, a global provider of financial services and short term loans, announced that it has chosen Confio Software, a database performance solutions provider, for its SQL Server and virtual server performance management needs. Speedy Cash has adopted the use of Ignite, Confio’s flagship product, to help with serving its 200-plus stores in the United States, Canada, and the United Kingdom, as well as its online business that operates worldwide. Available for DB2, Oracle, SQL Server, Sybase, and VMware, Ignite uses response-time analysis and historical trend analysis to help identify and resolve costly performance issues.
By employing Confio’s Ignite for SQL Server and IgniteVM for SQL Server offerings, Speedy Cash has successfully improved the performance of numerous SQL Server applications vital to its day to day business, such as payment processing, reporting, the processing of customer applications, and mailing list developments.
Randall Neth, Speedy Cash’s director of database administration, discussed the advantages of using Ignite in the official press release: “Aside from enabling us to easily determine which queries were having issues, the greatest benefit of Ignite is that we can isolate different variables, such as users, machines and applications. Because our applications contain such vast amounts of data, having the ability to slice and dice a query to determine the root cause of performance issues is a significant advantage.”
Mark Tumminello, regional account manager with Confio, added: “Speedy Cash has differentiated itself on customer service, which means that it is unacceptable for technology issues to get in the way of its ability to serve a customer through quick payment processing or application approval. By implementing Ignite, Speedy Cash has reassurance that if any business application relying on database functionality is performing poorly, it can quickly and easily trouble-shoot the issue before it hinders its customers' experiences.”
MS SQL Server 
Idera Compliance Manager 3.5 and SQL Server 2012 Release Candidate
