What is Scrubbr?

Scrubbr is a BSD-licensed database scanning tool that checks numerous database technologies for the presence of possible stored cross-site scripting attacks. The tool was partially inspired by "Scrawlr", a trimmed-down version of HP's WebInspect which was released for free after the so-called "asprox" mass-SQL injection bot exploited hundreds of thousands of insecure ASP sites.

If you can tell Scrubbr how to access your database, it will search through every field capable of holding strings in the database for malicious code. If you want it to, it will search through every table, every row, and every column. This will be very slow on large enterprise databases, but its very useful to have assurance that there is no malicious data anywhere in the system.

This is a sexy idea. Major kudos to the Aspect guys for yet again giving back to the Web Security Community.

This is another example of several new tools, projects, and products I've seen recently (some under NDA) that are premised on the fact that you will be hacked. Instead of prevention they are focused on detecting when you have been 0wn3d. I'm still not sure if this is the right approach but most of these solution are extremely cheap, have a low footprint, and do a fairly good job as there is a lot of low hanging fruit here.