Call: +44 (0)1904 557620 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "An Oracle Security Survey by The IOUG and Oracle"] [Next entry: "Oracle Patch Tuesday Is Coming"]

SQL Injection tools



It's been a while since my last post!, too much work, travel and not enough time for catching up sad I guess.

I subscribe to the pentest list over at Security Focus and saw a post on their over the weekend when clearing my email boxes about SQL Injection tools. The question was posed in a post titled "SQL Injection Tools". This promoted a number of responses offering views and some links to tools but the original post was very useful as it linked to a list of http://www.security-hacks.com/2007/05/18/top-15-free-sql-injection-scanners - (broken link) The top 15 free SQL Injection Scanners. This is a good list and very useful for anyone interested in protecting applications and database and particularly in our cases applications that are coded against Oracle databases.

I would not suggest running these tools as DBA's against production databases but they offer great value in terms of learning about the issues and how to detect them. Certainly run them against test or development systems that you own ideally isolated from the rest of your organisations data and business, in other words tools like these can in some cases cause issues for working, Dos, changes to data and so on. So be careful with them, run them only on a database/application you fully own and control but learn from them and apply the knowledge learned to help secure databases.

Nice list!