Hi all,
I am looking for tools that I can use to audit the security of my database at the moment. Does anyone have any resources on this? I am running Postgres, so that will take precedence.
views: 61
answers: 2
+3
A:
sqlmap is an open source SQL injection tool that works with PostgreSQL. It runs on Python, though, so you would need to install a Python interpreter.
YWE
2010-10-08 16:15:29
hmm interesting.
Woot4Moo
2010-10-08 16:18:36
interesting indeed. thx for sharing
Dave
2010-10-08 17:00:46
This is not for testing, this is for exploitation.
Rook
2010-10-08 18:32:09
Well, I am trying to break my system to resolve vulnerabilities.
Woot4Moo
2010-10-08 18:38:01
@Woot4Moo No, you already have access to your system, you don't need to break in. You need to test your software for vulnerabilities and then patch them. Massive difference. Sqlmap is for blackhats and penetration testers.
Rook
2010-10-08 18:44:47
ahh thanks for the clarification. Would it be worthwhile to learn the techniques from a security perspective?
Woot4Moo
2010-10-08 18:47:14
@Woot4Moo yes, it is definitely worthwhile to know how SQL injection is exploited. There is no doubt you will be better at determining false positives and writing rock solid patches.
Rook
2010-10-16 18:32:10
+1
A:
Wapiti is an open source tool for testing web applications for many different types of vulnerabilities, including SQL injection. It has signatures for testing for blind SQL injection under PostgreSQL.
If you have some money to spend, you can get Acunetix ($) or NTOSpider ($$$$$).
Rook
2010-10-08 18:33:39