RE: Pentesting on databases?

["Ziots, Edward" <EZiots () Lifespan org>]

The Penetration Test Execution Standard is a really good guide on
executing Pen tests in general. 

There are plenty of tools to do the testing of these systems, two that
come to mind are Metasploit and Backtrack. I would look on CIS webpage
for the latest on MYSQL Security checkkists. 

http://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2
.pdf

Z

Edward Ziots
CISSP, Security +, Network +
Security Engineer
Lifespan Organization
eziots () lifespan org


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of stayp0s
Sent: Wednesday, March 21, 2012 3:31 AM
To: pen-test () securityfocus com
Subject: Pentesting on databases?

Hi list,

I'm planning do a pen testing to ensure running databases(mysql,
postgreSQL, and so on) are secure.
Anyone has useful reference guidelines about that?

Thank you!

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------