Database Security

Databases today are very complex beasts.  Most major businesses run one or another to record and document transactions and information.  The security of these databases is paramount.  By default a number are insecure out of the box so require a great deal of work to be done on them before they are let loose on the general public to interact with.

The major players today are:

• Oracle - Oracle pages can be found here

• Sybase - Sybase pages can be found here

• Sql Server - SQL Server pages can be found here

• MySql - Under Construction

I have put together what is hopefully some interesting security related information regarding these products, together with a number of how-to's on what tools you can utilise against which database, the expected results and some command syntax.  As this is a big subject, I will be adding to it as things spring to mind and different tools appear.  I hope it is useful

SQL Injection is bar far one of the most dangerous exploitable holes found today in front-end web servers serving content from the back-end database servers.  I have managed to compile a list of valuable resources that may help Vulnerability Analysts/ Penetration Testers alike.  This list can be found here.