Penetration Testing mailing list archives
Re: Oracle DB Audity
From: Pete Finnigan <plsql () petefinnigan com>
Date: Thu, 25 Mar 2004 21:09:02 +0000
In article <53A3C10BA714D511BA9300805FA7FB2A0E448259 () usmnyexc05 us.kworl d.kpmg.com>, Doty, Stephen (BearingPoint) <sdoty () bearingpoint net> writes
Is anyone aware of free tools for Auditing an Oracle DB? If not, what other commercial tools exist in addition to the ISS Database scanner?
Hi, I have a links to quite a few free scripts on my site as well as a big list of commercial oracle security scanners and related software. The free stuff includes penetration and check scripts for passwords, finding databases, auditing file systems and listeners and database checks. I also have links to two pl/sql based password crackers. About 20 free tools and just over 20 commercial ones. Some of the commercial ones can be downloaded for trial. You can get this list at http://www.petefinnigan.com/tools.htm You may also wish to take a look at my white papers page which includes a lot of Oracle security papers and presentations but more importantly a couple of big oracle security checklists. One is the Oracle S.C.O.R.E. document from SANS that i wrote and is based on the SANS step-by-step oracle security book. Also the CIS benchmark checklist is good and also is based on the SANS guide in part. The papers and checklists can be found at http://www.petefinnigan.com/orasec.htm hth Kind regards Pete -- Pete Finnigan email:pete () petefinnigan com Web site: http://www.petefinnigan.com - Oracle security audit specialists Book:Oracle security step-by-step Guide - see http://store.sans.org for details. --------------------------------------------------------------------------- You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits and the latest techniques from a world-class research group. www.coresecurity.com/promos/sf_ept1 ----------------------------------------------------------------------------
Current thread:
- Oracle DB Audity Doty, Stephen (BearingPoint) (Mar 24)
- RE: Oracle DB Audity Kelly Winters (Mar 24)
- Re: Oracle DB Audity Nexus (Mar 24)
- Re: Oracle DB Audity sil (Mar 24)
- RE: Oracle DB Audity Duy Trac (Mar 25)
- Re: Oracle DB Audity Rikard Skjelsvik (Mar 25)
- Re: Oracle DB Audity Pete Finnigan (Mar 25)
- <Possible follow-ups>
- RE: Oracle DB Audity Rosado, Rafael (Rafael) (Mar 24)
- RE: Oracle DB Audity Chris McNab (Mar 25)
- Re: Oracle DB Audity Scott Egbert (Mar 26)