Trustwave Database Security Knowledgebase (ShatterKB) 6.32 is now available. It introduces new checks for PostgreSQL and Microsoft Azure SQL Database.
New Checks - Microsoft Azure SQL Database
- User shared account removal
Description: List temporal tables and check for user data modification information.
Risk: Low
- Stored procedures and functions that utilize dynamic code execution
Description: List user-defined stored procedures and functions which have dynamic code execution capabilities.
Risk: Medium
- Ensure Encryption is Configured with AES Algorithm
Description: Validate that for each database the [EncryptionState] is "ENCRYPTED" and the [EncryptionAlgorithm] returns one of the following values: [AES128], [AES192], or [AES256].
Risk: Medium
- Temporal tables
Description: Verify that all system versioned temporal tables exist.
Risk: Low
New Checks - PostgreSQL
- Vulnerability in PostgreSQL - CVE-2023-2454
Description: Check the database version to determine if the patch for CVE-2023-2454 is missing.
Risk: High
Availability
- Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.
- Download SHATTER Knowledgebase from the Trustwave Support Portal. (https://www.trustwave.com/company/support/ and select AppDetectivePRO or DbProtect)
- AppDetectivePRO customers can use the Updater within the product as well