Re: Database pen-testing tools



Congrats on the new job.

Thor (Hammer of God) wrote:
As leaders in database vulnerability research, NGS Software has some excellent audit and assessment tools available for database installations. You can check them out at:
www.ngssoftware.com

Word on the street is that some dude named "Tim Mullen" or some such just started working with them, and he seems to be a nice enough guy, so I'll go out on a limb and recommend NGS as well ;)

t

----- Original Message -----
From: "Erin Carroll" <amoeba@xxxxxxxxxxxxxx>
To: <pen-test@xxxxxxxxxxxxxxxxx>
Sent: Friday, May 18, 2007 12:22 PM
Subject: Database pen-testing tools


List members,

Does anyone have some suggestions or experience with database-specific
pen-testing tools that you would recommend? I am by no stretch of the
imagination a DBA (I run at the first sign of the words "Relational
Database") so tools that don't require a large amount of DBA-ish background
to use to their full potential would be of particular interest.

The database testing market seems to be growing rapidly now and some
recommendations of tools to look at would be useful. I've played around with
NGSSquirrel, AppSec, have experience with some Oracle-specific tools of
course...and ran into a new player in the market (Securno) at InfoSec
Europe. Just wondering what other players are out there that are effective
or you've played with.


--
Erin Carroll
Moderator
SecurityFocus pen-test list
"Do Not Taunt Happy-Fun Ball"


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------







