Penetration Testing
Pentesting on databases? Mar 21 2012 07:31AM
stayp0s (stayp0s sec gmail com) (4 replies)
RE: Pentesting on databases? Mar 21 2012 07:10PM
Ziots, Edward (EZiots Lifespan org)
The Penetration Test Execution Standard is a really good guide on
executing Pen tests in general.

There are plenty of tools to do the testing of these systems, two that
come to mind are Metasploit and Backtrack. I would look on CIS webpage
for the latest on MYSQL Security checkkists.

http://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2

.pdf

Z

Edward Ziots
CISSP, Security +, Network +
Security Engineer
Lifespan Organization
eziots (at) lifespan (dot) org [email concealed]

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of stayp0s
Sent: Wednesday, March 21, 2012 3:31 AM
To: pen-test (at) securityfocus (dot) com [email concealed]
Subject: Pentesting on databases?

Hi list,

I'm planning do a pen testing to ensure running databases(mysql,
postgreSQL, and so on) are secure.
Anyone has useful reference guidelines about that?

Thank you!

------------------------------------------------------------------------

This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

------------------------------------------------------------------------

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

[ reply ]
Re: Pentesting on databases? Mar 21 2012 04:43PM
Danux (danuxx gmail com)
Re: Pentesting on databases? Mar 21 2012 03:00PM
Eric Schultz (fire0088 gmail com) (2 replies)
RE: Pentesting on databases? Mar 21 2012 07:53PM
Ziots, Edward (EZiots Lifespan org)
Re: Pentesting on databases? Mar 21 2012 04:10PM
Ahmed S. Shibani (sheipani gmail com)
Re: Pentesting on databases? Mar 21 2012 02:08PM
Ramiro Caire (ramiro caire gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus