The Penetration Test Execution Standard is a really good guide on
executing Pen tests in general.
There are plenty of tools to do the testing of these systems, two that
come to mind are Metasploit and Backtrack. I would look on CIS webpage
for the latest on MYSQL Security checkkists.
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of stayp0s
Sent: Wednesday, March 21, 2012 3:31 AM
To: pen-test (at) securityfocus (dot) com [email concealed]
Subject: Pentesting on databases?
Hi list,
I'm planning do a pen testing to ensure running databases(mysql,
postgreSQL, and so on) are secure.
Anyone has useful reference guidelines about that?
This list is sponsored by: Information Assurance Certification Review
Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified.
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
executing Pen tests in general.
There are plenty of tools to do the testing of these systems, two that
come to mind are Metasploit and Backtrack. I would look on CIS webpage
for the latest on MYSQL Security checkkists.
http://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2
.pdf
Z
Edward Ziots
CISSP, Security +, Network +
Security Engineer
Lifespan Organization
eziots (at) lifespan (dot) org [email concealed]
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of stayp0s
Sent: Wednesday, March 21, 2012 3:31 AM
To: pen-test (at) securityfocus (dot) com [email concealed]
Subject: Pentesting on databases?
Hi list,
I'm planning do a pen testing to ensure running databases(mysql,
postgreSQL, and so on) are secure.
Anyone has useful reference guidelines about that?
Thank you!
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
[ reply ]