Trustwave Database Security Knowledgebase (ShatterKB) 6.32 is now available. It introduces new checks for PostgreSQL and Microsoft Azure SQL Database.
New Checks - Microsoft Azure SQL Database
User shared account removal Description: List temporal tables and check for user data modification information. Risk: Low
Stored procedures and functions that utilize dynamic code execution Description: List user-defined stored procedures and functions which have dynamic code execution capabilities. Risk: Medium
Ensure Encryption is Configured with AES Algorithm Description: Validate that for each database the [EncryptionState] is "ENCRYPTED" and the [EncryptionAlgorithm] returns one of the following values: [AES128], [AES192], or [AES256]. Risk: Medium
Temporal tables Description: Verify that all system versioned temporal tables exist. Risk: Low
New Checks - PostgreSQL
Vulnerability in PostgreSQL - CVE-2023-2454 Description: Check the database version to determine if the patch for CVE-2023-2454 is missing. Risk: High
Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.