Home page logo
/

webappsec logo WebApp Sec mailing list archives

RE: good database testing tools to guard against SQL injection fo r Microsoft, Oracle?
From: "Murtland, Jerry" <MurtlandJ () Grangeinsurance com>
Date: Tue, 11 May 2004 10:15:42 -0400

Foundstone has quite a few good tactical scanning tools such as SQLSCAN.
There are some others as well such as RPCscan.  I'd take a look at those.
They are located under resources at www.foundstone.com.

Goodluck.

Jerry J. Murtland, CISSP
Sr. Data Security Analyst


-----Original Message-----
From: Harbar, Spencer J. [mailto:spencer.harbar () dns co uk]
Sent: Tuesday, May 11, 2004 7:41 AM
To: Earl.Perkins () metagroup com; webappsec () securityfocus com
Subject: RE: good database testing tools to guard against SQL injection
for Microsoft, Oracle?



SQL injection is a vulnerability in an application rather than the
database environment itself.

Check out AppScan from www.sanctuminc.com, WebInspect from
www.SPIDynamics.com and scando from www.kavado.com which are all
excpetional at spotting these vulns.

Hth
S.


-----Original Message-----
From: Earl.Perkins () metagroup com [mailto:Earl.Perkins () metagroup com] 
Sent: 10 May 2004 17:55
To: webappsec () securityfocus com
Subject: good database testing tools to guard against SQL injection for
Microsoft, Oracle?

does anyone have recommendations for good database testing tools to spot
and correct potential exploitation opportunities for SQL injection
attacks in Microsoft and Oracle database environments?
thanks.

Earl L. Perkins
Vice President, Security & Risk Strategies Technology Research Services
META Group, Inc.     http://www.metagroup.com
earl.perkins () metagroup com
Voice: 504-362-0291   Fax: 925-889-2523

META Group --- Return On Intelligence*
=========================
*A service mark of META Group, Inc.





-----------------------------------------------------------------
                       METAmorphosis 2004 META Group's 15th Annual Forum
for Meeting Business and IT Change

 "The Adaptive Organization: Building Value by Remodeling for IT
                          Flexibility"
                 http://www.metagroup.com/mm2004

                         March-May 2004
     San Diego - Chicago - Barcelona - Sydney - Johannesburg
-----------------------------------------------------------------






---------------------------------------------------
This email from dns has been validated by dnsMSS Managed Email Security and
is free from all known viruses.

For further information contact email-integrity () dns co uk




  By Date           By Thread  

Current thread:
  • RE: good database testing tools to guard against SQL injection fo r Microsoft, Oracle? Murtland, Jerry (May 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault