Systems Engineering and RDBMS

Recent Security Issues

Posted by decipherinfosys on May 7, 2008

Of late, there have been too many news about hackers exploiting the vulnerabilities of Oracle and MS SQL Server – a majority of these issues have been because of the SQL injection attacks i.e. bad application and DB programming issues and some of the issues have been because of poor configuration or poor password choices which have been hacked. I was talking to a good friend of mine who is an expert in the security area and he mentioned some of the tools out there that you can use to uncover the vulnerabilities in your environments.

The first tool to start with is the MSFT Baseline Security Analyzer itself. You can read more at this link:

http://www.microsoft.com/technet/security/tools/mbsahome.mspx

The second one from MSFT would be the SQL Server 2005 Best Practices Analyzer. Use this for checking SQL Server instances for any known security vulnerabilities.

The other commercial ones are:

NGSSQLCrack: Use this for validating that the passwords that you have are strong ones.

NGSSquirrel: Use this for finding different security vulnerabilities with SQL Server and Oracle

Absinthe: Use this for doing SQL Injection tests. Works for both SQL Server and Oracle.

Sorry, the comment form is closed at this time.

 
%d bloggers like this: