Scuba Security Audit Findings: 2005 Text formatting, unchecked buffers

  • I am a fairly new MS SQL database administrator, (with considerable SQL programmer/developer experience). My new company hired me fast because I was the best qualified database professional available immediately. They needed someone in here pronto to help them pass a federal security audit comming up early next month. The second week I was working, federal auditors came in here to run Scuba scans, (by Imperva), of our databases. I've managed to get a good momentum elliminating these findings and have only put my users on ice a couple of times in the month since then ;-).

    We only have a month left and now I have this annoying Scuba finding affecting my 2005 and 2008 databases - and thus endangering our audit success. Problem is, I can only find documentation on this issue for version 7 and 2000 - not 2005 or 2008. I had been working off my own Scuba scans and ignoring that finding. Today, we received the official report and it lists this issue, too. I imagined that the feds would comb through the Scuba findings and realize that that particular issue wasn't valid. I know, I know - how naive!

    Has anyone ever effectively documented - or remidiated, if possible, this finding in Scuba? If so, I would greatly appreciate any guidance.

    Thank you for your consideration and assistance!

    - Jackie

    Versions:

    9.0.5292 on 2003 R2 SP2

    9.0.5069 on 2008 R2 Standard SP1

Viewing 0 posts

You must be logged in to reply to this topic. Login to reply