WebApp Sec mailing list archives

RE: good database testing tools to guard against SQL injection for Microsoft, Oracle?


From: "Harbar, Spencer J." <spencer.harbar () dns co uk>
Date: Tue, 11 May 2004 12:40:56 +0100


SQL injection is a vulnerability in an application rather than the
database environment itself.

Check out AppScan from www.sanctuminc.com, WebInspect from
www.SPIDynamics.com and ScanDo from www.kavado.com which are all
exceptional at spotting these vulns.

Hth
S.


-----Original Message-----
From: Earl.Perkins () metagroup com [mailto:Earl.Perkins () metagroup com] 
Sent: 10 May 2004 17:55
To: webappsec () securityfocus com
Subject: good database testing tools to guard against SQL injection for
Microsoft, Oracle?

Does anyone have recommendations for good database testing tools to spot
and correct potential exploitation opportunities for SQL injection
attacks in Microsoft and Oracle database environments?
Thanks.

Earl L. Perkins
Vice President, Security & Risk Strategies Technology Research Services
META Group, Inc.     http://www.metagroup.com
earl.perkins () metagroup com
Voice: 504-362-0291   Fax: 925-889-2523

META Group --- Return On Intelligence*
=========================
*A service mark of META Group, Inc.















