We’re sorry. We could not find a match for your search.

We suggest you try the following to help find what you’re looking for:

  • Check the spelling of your keyword search.
  • Use synonyms for the keyword you typed, for example, try "application" instead of "software."
  • Start a new search.
Cloud Account Sign in to Cloud
Oracle Account
Oracle Database Security Assessment Tool

Oracle Database Security Assessment Tool

With data breaches growing every day along with the evolving set of data protection and privacy regulations, protecting business sensitive and regulated data is mission critical. However, knowing whether the database is securely configured, who can access it, and where sensitive personal data resides is a challenge for most organizations. As part of Oracle’s defense in depth capabilities, the Oracle Database Security Assessment Tool (DBSAT) helps identify areas where your database configuration, operation, or implementation introduces risks and recommends changes and controls to mitigate those risks.

Get the Details

Database Security Assessment Tool  Features


Oracle Database Security Assessment Tool (DBSAT) is a popular command-line tool that helps identify areas where your database configuration, operation, or implementation introduces risks and recommends changes and controls to mitigate those risks. DBSAT helps assess how securely the database is configured, determines who the users and their entitlements are, and identifies where sensitive data resides within the database.

The latest DBSAT 2.2.2 release can now differentiate between on-premises Oracle Databases, Autonomous Databases (Shared and Dedicated) and DBCS. Depending upon the database target type, DBSAT performs different checks and provides target-specific remarks. DBSAT 2.2.2 has also added new checks, improved accuracy of the existing checks, and clarified several remarks.

DBSAT is provided at no additional cost and enables customers to quickly find:

  • Security configuration issues, and how to remediate them
  • Users and their entitlements
  • Location, type, and quantity of sensitive data

The figure below summarizes the security status of a sample database, and categorizes its findings by risk levels.

Security status of a sample database

DBSAT analyzes information on the database and listener configuration to identify configuration settings that may unnecessarily introduce risk. DBSAT goes beyond simple configuration checking, examining user accounts, privilege and role grants, authorization control, separation of duties, fine-grained access control, data encryption and key management, auditing policies, and OS file permissions. DBSAT applies rules to quickly assess the current security status of a database and produce findings in all the areas above. For each finding, DBSAT recommends remediation activities that follow best practices to reduce or mitigate risk.

The Finding below shows which users have the powerful DBA role, and how that role was obtained (directly granted, granted via another role).

DBA roles

DBSAT also scans the database for sensitive data using customizable regular expression patterns, and reports on the amount and type of sensitive data found.  Besides providing the ability to search for sensitive data on English based data dictionaries (column names and comments) it also includes support for additional major European languages such as Dutch, French, Italian, German, Portuguese and Spanish.  This provides organizations with a deeper insight on how much sensitive data they have and where it resides, enabling them to then protect their databases through appropriate access controls, auditing, masking, and encryption.  The figure below shows a summary report from a scan of the database metadata.

sensitive data summary

Quick, Easy and Actionable Reports

DBSAT assists in evaluating the current security posture and helps you find out where sensitive data resides. DBSAT produces reports in multiple formats for different audiences and uses. DBSAT is easy to use and provides actionable reports with summary, detailed information, and prioritized recommendations.

Regulatory Compliance

Security configuration scanning and knowing where sensitive data resides is an essential part of regulatory compliance and key to EU General Data Protection Regulation (EU GDPR), Payment Card Industry Data Security Standard (PCI DSS), Sarbanes-Oxley (SOX), HIPAA/HITECH, and numerous data privacy laws. DBSAT recommendations help minimize risk, enhance the overall security posture and accelerate the path to compliance (PDF).

  • Discover Sensitive and Personal data in Oracle Databases
  • Map Findings to GDPR Articles/Recitals, Oracle Database STIG Rules, and CIS Benchmark recommendations
  • Accelerate Data Protection Impact Assessments by assessing exposure to risk
  • Recommend security controls such as encryption, segregation of duties, pseudonymization, audit, among others that might help compliance

On-Premises and in the Cloud

DBSAT can be used whether your database runs on-premises, in customer-managed Database Cloud Services, or IaaS deployed databases, or in Autonomous Databases, providing a simple way to assess your Oracle Databases Security posture consistently across hybrid deployments. DBSAT executes different checks and delivers specific remarks depending on the assessed database target type.
DBSAT supports Oracle Database versions Oracle 11g through Oracle 21c.

To simultaneously run assessments on multiple databases, periodic schedule assessments, establish a security baseline and get a comparison report highlighting the drift between that baseline and the current database security assessment, customers can use Oracle Data Safe. Oracle Data Safe is a cloud service that works with databases running on Cloud and on-premises. Apart from assessment capabilities, Data Safe also provides Data Discovery, Data Masking, and Activity Monitoring capabilities.
Evaluate your database risks with DBSAT