Re: SQLi Vulnerability Scanners

From: Benjamin Greenfield <bcg@xxxxxxxxxxxxx>
Date: Fri, 17 Jul 2009 15:43:19 -0400

sqlmap is an awesome tool:
http://sqlmap.sourceforge.net/

However, it actually tests for injection. It supports a wide variety
of DB backends and platforms.

On Wed, Jul 15, 2009 at 9:39 AM, pma111<pmaneedham@xxxxxxxxxxx> wrote:

Can anyone recommend any decent SQL Injection vulnerability scanners (free
ideally, and if they have a GUI even better) that will identify if any of
our pages/forms are suceptible to SQL injection, rather than perform the
actual injection? Pages have been developed in Asp.net / C# (as I know some
tools are specific to what the page was developed in), backend DB of SQL
Server 2000.

Thanks,
--
View this message in context: http://www.nabble.com/SQLi-Vulnerability-Scanners-tp24498086p24498086.html
Sent from the Penetration Testing mailing list archive at Nabble.com.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Follow-Ups:
- Re: SQLi Vulnerability Scanners
  - From: Anthony Cicalla

References:
- SQLi Vulnerability Scanners
  - From: pma111

Prev by Date: Re: Verify Your Security Provider -- The truth behind manual testing.
Next by Date: Re: Verify Your Security Provider -- The truth behind manual testing.
Previous by thread: Re: SQLi Vulnerability Scanners
Next by thread: Re: SQLi Vulnerability Scanners
Index(es):
- Date
- Thread

Relevant Pages

Re: SQLi Vulnerability Scanners
... it actually tests for injection. ... actually do a proper penetration test. ... full practical examination in order to become certified. ... Information Assurance Certification Review Board ...
(Pen-Test)
Cachedump - compatible with Windows Vista/7/2008
... cachedump remotely without injection into LSASS. ... compatible with new version on Microsoft Windows, ... Information Assurance Certification Review Board ...
(Pen-Test)