From: Pete Finnigan (plsql@petefinnigan.com)
Date: Thu Mar 25 2004 - 16:09:02 EST
In article <53A3C10BA714D511BA9300805FA7FB2A0E448259@usmnyexc05.us.kworl
d.kpmg.com>, Doty, Stephen (BearingPoint) <sdoty@bearingpoint.net>
writes
>
>Is anyone aware of free tools for Auditing an Oracle DB? If not, what other
>commercial tools exist in addition to the ISS Database scanner?
Hi,
I have a links to quite a few free scripts on my site as well as a big
list of commercial oracle security scanners and related software. The
free stuff includes penetration and check scripts for passwords, finding
databases, auditing file systems and listeners and database checks. I
also have links to two pl/sql based password crackers. About 20 free
tools and just over 20 commercial ones. Some of the commercial ones can
be downloaded for trial.
You can get this list at http://www.petefinnigan.com/tools.htm
You may also wish to take a look at my white papers page which includes
a lot of Oracle security papers and presentations but more importantly a
couple of big oracle security checklists. One is the Oracle S.C.O.R.E.
document from SANS that i wrote and is based on the SANS step-by-step
oracle security book. Also the CIS benchmark checklist is good and also
is based on the SANS guide in part. The papers and checklists can be
found at http://www.petefinnigan.com/orasec.htm
hth
Kind regards
Pete
-- Pete Finnigan email:pete@petefinnigan.com Web site: http://www.petefinnigan.com - Oracle security audit specialists Book:Oracle security step-by-step Guide - see http://store.sans.org for details. --------------------------------------------------------------------------- You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits and the latest techniques from a world-class research group. www.coresecurity.com/promos/sf_ept1 ----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:51 EDT