Penetration Testing mailing list archives
Re: Pentesting on databases?
From: Ramiro Caire <ramiro.caire () gmail com>
Date: Wed, 21 Mar 2012 11:08:36 -0300
Hi mate, take a look at: http://www.symantec.com/connect/articles/secure-mysql-database-design However, if the database is already running on production environment, I suggest you use some of these tools: http://www.ngssecure.com/services/information-security-software/ngs-squirrel-for-sql-server.aspx http://www.ngssecure.com/services/information-security-software/ngs-squirrel-for-informix.aspx http://www.ngssecure.com/services/information-security-software/ngs-squirrel-for-sybase-ase.aspx http://www.ngssecure.com/services/information-security-software/ngs-squirrel-for-oracle.aspx http://www.ngssecure.com/services/information-security-software/ngs-squirrel-for-db2.aspx These tools analyze databases looking for security issues, misconfigurations, etc. Very easy to use and powerful. Hope this help. Cheers Ramiro On Wed, Mar 21, 2012 at 4:31 AM, stayp0s <stayp0s.sec () gmail com> wrote:
Hi list, I'm planning do a pen testing to ensure running databases(mysql, postgreSQL, and so on) are secure. Anyone has useful reference guidelines about that? Thank you! ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Pentesting on databases? stayp0s (Mar 21)
- Re: Pentesting on databases? Eric Schultz (Mar 21)
- Re: Pentesting on databases? Ahmed S. Shibani (Mar 21)
- RE: Pentesting on databases? Ziots, Edward (Mar 21)
- Re: Pentesting on databases? Ramiro Caire (Mar 21)
- RE: Pentesting on databases? Ziots, Edward (Mar 21)
- Re: Pentesting on databases? Danux (Mar 21)
- Re: Pentesting on databases? Eric Schultz (Mar 21)