[Previous entry: "An Oracle Security Survey by The IOUG and Oracle"] [Next entry: "Oracle Patch Tuesday Is Coming"]
SQL Injection tools
June 30th, 2008 by Pete
Post to del.icio.us
Post to Furl
It's been a while since my last post!, too much work, travel and not enough time for catching up 
I guess.
I subscribe to the pentest list over at Security Focus and saw a post on their over the weekend when clearing my email boxes about SQL Injection tools. The question was posed in a post titled "SQL Injection Tools". This promoted a number of responses offering views and some links to tools but the original post was very useful as it linked to a list of "The top 15 free SQL Injection Scanners". This is a good list and very useful for anyone interested in protecting applications and database and particularly in our cases applications that are coded against Oracle databases.
I would not suggest running these tools as DBA's against production databases but they offer great value in terms of learning about the issues and how to detect them. Certainly run them against test or development systems that you own ideally isolated from the rest of your organisations data and business, in other words tools like these can in some cases cause issues for working, Dos, changes to data and so on. So be careful with them, run them only on a database/application you fully own and control but learn from them and apply the knowledge learned to help secure databases.
Nice list!
