Re: Database pen-testing tools

From: Thor (Hammer of God) (thor@hammerofgod.com)
Date: Fri May 18 2007 - 16:11:54 EDT

• Next message: Richard Brinson: "RE: Legality of WEP Cracking"
• Previous message: Tim Shea: "Re: Legality of WEP Cracking"
• Maybe in reply to: Erin Carroll: "Database pen-testing tools"
• Next in thread: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Database pen-testing tools"
• Reply: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Database pen-testing tools"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

As leaders in database vulnerability research, NGS Software has some
excellent audit and assessment tools available for database installations.
You can check them out at:
www.ngssoftware.com

Word on the street is that some dude named "Tim Mullen" or some such just
started working with them, and he seems to be a nice enough guy, so I'll go
out on a limb and recommend NGS as well ;)

t

----- Original Message -----
From: "Erin Carroll" <amoeba@amoebazone.com>
To: <pen-test@securityfocus.com>
Sent: Friday, May 18, 2007 12:22 PM
Subject: Database pen-testing tools

> List members,
>
> Does anyone have some suggestions or experience with database-specific
> pen-testing tools that you would recommend? I am by no stretch of the
> imagination a DBA (I run at the first sign of the words "Relational
> Database") so tools that don't require a large amount of DBA-ish
> background
> to use to their full potential would be of particular interest.
>
> The database testing market seems to be growing rapidly now and some
> recommendations of tools to look at would be useful. I've played around
> with
> NGSSquirrel, AppSec, have experience with some Oracle-specific tools of
> course...and ran into a new player in the market (Securno) at InfoSec
> Europe. Just wondering what other players are out there that are effective
> or you've played with.
>
>
> --
> Erin Carroll
> Moderator
> SecurityFocus pen-test list
> "Do Not Taunt Happy-Fun Ball"
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Are you using SPI, Watchfire or WhiteHat?
> Consider getting clear vision with Cenzic
> See HOW Now with our 20/20 program!
>
> http://www.cenzic.com/c/2020
> ------------------------------------------------------------------------
>
>
>

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

• Next message: Richard Brinson: "RE: Legality of WEP Cracking"
• Previous message: Tim Shea: "Re: Legality of WEP Cracking"
• Maybe in reply to: Erin Carroll: "Database pen-testing tools"
• Next in thread: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Database pen-testing tools"
• Reply: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Database pen-testing tools"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:48 EDT