These tools analyze databases looking for security issues,
misconfigurations, etc. Very easy to use and powerful.
Hope this help.
Cheers
Ramiro
On Wed, Mar 21, 2012 at 4:31 AM, stayp0s <stayp0s.sec (at) gmail (dot) com [email concealed]> wrote:
>
> Hi list,
>
> I'm planning do a pen testing to ensure running databases(mysql,
> postgreSQL, and so on) are secure.
> Anyone has useful reference guidelines about that?
>
> Thank you!
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
take a look at:
http://www.symantec.com/connect/articles/secure-mysql-database-design
However, if the database is already running on production environment,
I suggest you use some of these tools:
http://www.ngssecure.com/services/information-security-software/ngs-squi
rrel-for-sql-server.aspx
http://www.ngssecure.com/services/information-security-software/ngs-squi
rrel-for-informix.aspx
http://www.ngssecure.com/services/information-security-software/ngs-squi
rrel-for-sybase-ase.aspx
http://www.ngssecure.com/services/information-security-software/ngs-squi
rrel-for-oracle.aspx
http://www.ngssecure.com/services/information-security-software/ngs-squi
rrel-for-db2.aspx
These tools analyze databases looking for security issues,
misconfigurations, etc. Very easy to use and powerful.
Hope this help.
Cheers
Ramiro
On Wed, Mar 21, 2012 at 4:31 AM, stayp0s <stayp0s.sec (at) gmail (dot) com [email concealed]> wrote:
>
> Hi list,
>
> I'm planning do a pen testing to ensure running databases(mysql,
> postgreSQL, and so on) are secure.
> Anyone has useful reference guidelines about that?
>
> Thank you!
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------
>
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
[ reply ]