Penetration Testing
Pentesting on databases? Mar 21 2012 07:31AM
stayp0s (stayp0s sec gmail com) (4 replies)
RE: Pentesting on databases? Mar 21 2012 07:10PM
Ziots, Edward (EZiots Lifespan org)
Re: Pentesting on databases? Mar 21 2012 04:43PM
Danux (danuxx gmail com)
Re: Pentesting on databases? Mar 21 2012 03:00PM
Eric Schultz (fire0088 gmail com) (2 replies)
RE: Pentesting on databases? Mar 21 2012 07:53PM
Ziots, Edward (EZiots Lifespan org)
Re: Pentesting on databases? Mar 21 2012 04:10PM
Ahmed S. Shibani (sheipani gmail com)
Re: Pentesting on databases? Mar 21 2012 02:08PM
Ramiro Caire (ramiro caire gmail com)
Hi mate,

take a look at:
http://www.symantec.com/connect/articles/secure-mysql-database-design

However, if the database is already running on production environment,
I suggest you use some of these tools:

http://www.ngssecure.com/services/information-security-software/ngs-squi
rrel-for-sql-server.aspx
http://www.ngssecure.com/services/information-security-software/ngs-squi
rrel-for-informix.aspx
http://www.ngssecure.com/services/information-security-software/ngs-squi
rrel-for-sybase-ase.aspx
http://www.ngssecure.com/services/information-security-software/ngs-squi
rrel-for-oracle.aspx
http://www.ngssecure.com/services/information-security-software/ngs-squi
rrel-for-db2.aspx

These tools analyze databases looking for security issues,
misconfigurations, etc. Very easy to use and powerful.

Hope this help.

Cheers
Ramiro

On Wed, Mar 21, 2012 at 4:31 AM, stayp0s <stayp0s.sec (at) gmail (dot) com [email concealed]> wrote:
>
> Hi list,
>
> I'm planning do a pen testing to ensure running databases(mysql,
> postgreSQL, and so on) are secure.
> Anyone has useful reference guidelines about that?
>
> Thank you!
>
> ------------------------------------------------------------------------

> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

>

------------------------------------------------------------------------

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus