WebApp Sec mailing list archives
RE: good database testing tools to guard against SQL injection fo r Microsoft, Oracle?
From: "Murtland, Jerry" <MurtlandJ () Grangeinsurance com>
Date: Tue, 11 May 2004 10:15:42 -0400
Foundstone has quite a few good tactical scanning tools such as SQLSCAN. There are some others as well such as RPCscan. I'd take a look at those. They are located under resources at www.foundstone.com. Goodluck. Jerry J. Murtland, CISSP Sr. Data Security Analyst -----Original Message----- From: Harbar, Spencer J. [mailto:spencer.harbar () dns co uk] Sent: Tuesday, May 11, 2004 7:41 AM To: Earl.Perkins () metagroup com; webappsec () securityfocus com Subject: RE: good database testing tools to guard against SQL injection for Microsoft, Oracle? SQL injection is a vulnerability in an application rather than the database environment itself. Check out AppScan from www.sanctuminc.com, WebInspect from www.SPIDynamics.com and scando from www.kavado.com which are all excpetional at spotting these vulns. Hth S. -----Original Message----- From: Earl.Perkins () metagroup com [mailto:Earl.Perkins () metagroup com] Sent: 10 May 2004 17:55 To: webappsec () securityfocus com Subject: good database testing tools to guard against SQL injection for Microsoft, Oracle? does anyone have recommendations for good database testing tools to spot and correct potential exploitation opportunities for SQL injection attacks in Microsoft and Oracle database environments? thanks. Earl L. Perkins Vice President, Security & Risk Strategies Technology Research Services META Group, Inc. http://www.metagroup.com earl.perkins () metagroup com Voice: 504-362-0291 Fax: 925-889-2523 META Group --- Return On Intelligence* ========================= *A service mark of META Group, Inc. ----------------------------------------------------------------- METAmorphosis 2004 META Group's 15th Annual Forum for Meeting Business and IT Change "The Adaptive Organization: Building Value by Remodeling for IT Flexibility" http://www.metagroup.com/mm2004 March-May 2004 San Diego - Chicago - Barcelona - Sydney - Johannesburg ----------------------------------------------------------------- --------------------------------------------------- This email from dns has been validated by dnsMSS Managed Email Security and is free from all known viruses. For further information contact email-integrity () dns co uk
Current thread:
- RE: good database testing tools to guard against SQL injection fo r Microsoft, Oracle? Murtland, Jerry (May 11)