Author: John Lewis
With the passage of time, databases have become an integral part of any data-driven application. Web-based applications with a database at the back end have made it easy for companies to connect with their customers without a glitch. On one side this has made life easy, but on the other hand a number of security concerns have arisen due to improper coding.
SQL Injections:
Almost all web applications allow visitors to submit and retrieve data from a database over the Internet. SQL Injection is amongst the most common web-application hacking techniques, whereby specially crafted SQL commands are passed through the web application so that they are executed by the back-end database. If your application is vulnerable to SQL injection then attackers can easily get access to sensitive information. You can read more about SQL Injection here:
- 7 ways of SQL injections and 7 guidelines to avoid them
- SQL Injection Attacks - Are you safe?
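To make the mechanism above concrete, here is an added example (not code from the original article): a login check written two ways against an in-memory SQLite database with one constructed user row. The vulnerable version builds the SQL statement by string concatenation, so the input text becomes part of the SQL syntax; the hardened version uses a parameterised query, so the same input is treated purely as data. The table, the sample row and the two test inputs are assumptions constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Create an in-memory database with one constructed user row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Constructed sample row; a real application would store a password hash.
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by concatenation: user input becomes SQL syntax."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password):
    """Parameterised query: the driver binds values separately from the SQL
    text, so quotes, comment markers or keywords in the input never change
    the statement's structure."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def compare(conn, username, password):
    """Return (vulnerable_result, safe_result) for one pair of inputs."""
    return login_vulnerable(conn, username, password), login_safe(conn, username, password)


if __name__ == "__main__":
    db = make_db()
    # Legitimate credentials: both versions accept them.
    print("valid creds:", compare(db, "alice", "correct-horse"))
    # Crafted password turns the WHERE clause into "... OR '1'='1'":
    # the concatenated query matches every row, the parameterised one matches none.
    print("crafted password:", compare(db, "alice", "' OR '1'='1"))
    # Crafted username comments out the password check in the concatenated query.
    print("crafted username:", compare(db, "alice'--", "anything"))
```

Running the block shows the concatenated version accepting both crafted inputs while the parameterised version rejects them and still accepts the genuine credentials. The fix is not input filtering but keeping data and SQL text separate; the same pattern applies to every database driver that supports placeholders.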
SQL Injection Scanners:
A number of SQL Injection scanners are available on the web that can help you audit your web applications for SQL Injection vulnerabilities. Here is my list of the top ten free SQL Injection scanners.
SQLIer:
SQLIer is a free SQL Injection scanner that takes a SQL Injection vulnerable URL as input and attempts to determine by itself all the information necessary to build and exploit the SQL Injection vulnerability. No user interaction is required unless it is unable to guess the table or field names correctly. SQLIer can build a UNION SELECT query designed to brute force passwords out of the database. The script also does not rely on quotes in the exploit, meaning it will work for a wider range of sites.
Home Page:
http://bcable.net/project.php?sqlier
Download Link:
http://bcable.net/releases.php?sqlier
BobCat:
BobCat is a tool that helps an auditor take full advantage of SQL injection vulnerabilities. It is based on AppSecInc research. It can list the linked servers and the database schema, and allows the retrieval of data from any table that the current application user has access to.
Home Page:
http://www.northern-monkee.co.uk/projects/bobcat/bobcat.html
FG-Injector Framework:
FG-Injector is a free open source framework that can help you identify SQL injection vulnerabilities in web applications. This security tool is designed to detect, research and leverage SQL injection exploitation. It includes a proxy feature for intercepting and modifying HTTP requests, and an interface for automating SQL injection exploitation.
Home Page:
http://sourceforge.net/projects/injection-fwk
Download Link:
http://sourceforge.net/project/showfiles.php?group_id=183841
SQL Power Injector:
SQL Power Injector is an application that helps penetration testers find and exploit SQL injections on a web page. Currently SQL Power Injector supports SQL Server, Oracle, MySQL, Sybase/Adaptive Server and DB2, but you can use it with any existing DBMS when using the inline injection (Normal mode).
Home Page:
http://www.sqlpowerinjector.com
Download Link:
http://www.sqlpowerinjector.com/download.htm
SQL Injection Pentesting Tool:
SQL Injection Pentesting Tool is a GUI-based utility designed to examine databases through vulnerabilities in web applications.
Home Page:
http://sqltool.itdefence.ru/indexeng.html
Continued...