Re: Oracle DB Audity

From: Pete Finnigan (plsql_at_petefinnigan.com)
Date: 03/25/04

Next message: David Cannings: "Re: nmap shows open UDP port 113"

Previous message: Gary Rollie: "RE: nmap shows open UDP port 113"
In reply to: Doty, Stephen (BearingPoint): "Oracle DB Audity"
Next in thread: Scott Egbert: "Re: Oracle DB Audity"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 25 Mar 2004 21:09:02 +0000
To: PEN-TEST@securityfocus.com

In article <53A3C10BA714D511BA9300805FA7FB2A0E448259@usmnyexc05.us.kworl
d.kpmg.com>, Doty, Stephen (BearingPoint) <sdoty@bearingpoint.net>
writes
>
>Is anyone aware of free tools for Auditing an Oracle DB? If not, what other
>commercial tools exist in addition to the ISS Database scanner?
Hi,

I have a links to quite a few free scripts on my site as well as a big
list of commercial oracle security scanners and related software. The
free stuff includes penetration and check scripts for passwords, finding
databases, auditing file systems and listeners and database checks. I
also have links to two pl/sql based password crackers. About 20 free
tools and just over 20 commercial ones. Some of the commercial ones can
be downloaded for trial.

You can get this list at http://www.petefinnigan.com/tools.htm

You may also wish to take a look at my white papers page which includes
a lot of Oracle security papers and presentations but more importantly a
couple of big oracle security checklists. One is the Oracle S.C.O.R.E.
document from SANS that i wrote and is based on the SANS step-by-step
oracle security book. Also the CIS benchmark checklist is good and also
is based on the SANS guide in part. The papers and checklists can be
found at http://www.petefinnigan.com/orasec.htm

hth

Kind regards

Pete

-- 
Pete Finnigan
email:pete@petefinnigan.com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.
---------------------------------------------------------------------------
You're a pen tester, but is google.com still your R&D team?
Now you can get trustworthy commercial-grade exploits and the latest
techniques from a world-class research group.
www.coresecurity.com/promos/sf_ept1
----------------------------------------------------------------------------

Next message: David Cannings: "Re: nmap shows open UDP port 113"

Previous message: Gary Rollie: "RE: nmap shows open UDP port 113"
In reply to: Doty, Stephen (BearingPoint): "Oracle DB Audity"
Next in thread: Scott Egbert: "Re: Oracle DB Audity"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]