Re: Pentesting on databases?



Hi mate,

take a look at:
http://www.symantec.com/connect/articles/secure-mysql-database-design

However, if the database is already running on production environment,
I suggest you use some of these tools:

http://www.ngssecure.com/services/information-security-software/ngs-squirrel-for-sql-server.aspx
http://www.ngssecure.com/services/information-security-software/ngs-squirrel-for-informix.aspx
http://www.ngssecure.com/services/information-security-software/ngs-squirrel-for-sybase-ase.aspx
http://www.ngssecure.com/services/information-security-software/ngs-squirrel-for-oracle.aspx
http://www.ngssecure.com/services/information-security-software/ngs-squirrel-for-db2.aspx

These tools analyze databases looking for security issues,
misconfigurations, etc. Very easy to use and powerful.

Hope this help.

Cheers
Ramiro


On Wed, Mar 21, 2012 at 4:31 AM, stayp0s <stayp0s.sec@xxxxxxxxx> wrote:

Hi list,

I'm planning do a pen testing to ensure running databases(mysql,
postgreSQL, and so on) are secure.
Anyone has useful reference guidelines about that?

Thank you!

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



Relevant Pages