WebApp Sec mailing list archives
RE: good database testing tools to guard against SQL injection for Microsoft, Oracle?
From: "Harbar, Spencer J." <spencer.harbar () dns co uk>
Date: Tue, 11 May 2004 12:40:56 +0100
SQL injection is a vulnerability in an application rather than the database environment itself. Check out AppScan from www.sanctuminc.com, WebInspect from www.SPIDynamics.com and scando from www.kavado.com which are all excpetional at spotting these vulns. Hth S. -----Original Message----- From: Earl.Perkins () metagroup com [mailto:Earl.Perkins () metagroup com] Sent: 10 May 2004 17:55 To: webappsec () securityfocus com Subject: good database testing tools to guard against SQL injection for Microsoft, Oracle? does anyone have recommendations for good database testing tools to spot and correct potential exploitation opportunities for SQL injection attacks in Microsoft and Oracle database environments? thanks. Earl L. Perkins Vice President, Security & Risk Strategies Technology Research Services META Group, Inc. http://www.metagroup.com earl.perkins () metagroup com Voice: 504-362-0291 Fax: 925-889-2523 META Group --- Return On Intelligence* ========================= *A service mark of META Group, Inc. ----------------------------------------------------------------- METAmorphosis 2004 META Group's 15th Annual Forum for Meeting Business and IT Change "The Adaptive Organization: Building Value by Remodeling for IT Flexibility" http://www.metagroup.com/mm2004 March-May 2004 San Diego - Chicago - Barcelona - Sydney - Johannesburg ----------------------------------------------------------------- --------------------------------------------------- This email from dns has been validated by dnsMSS Managed Email Security and is free from all known viruses. For further information contact email-integrity () dns co uk
Current thread:
- RE: good database testing tools to guard against SQL injection for Microsoft, Oracle? Harbar, Spencer J. (May 11)