In this post, I would like to share my knowledge and experience of database penetration testing. The purpose of penetration testing is to find vulnerabilities within the system and to simulate, in a controlled environment, any cybersecurity attack that a publicly exposed system could face.
The database types the security consultant will focus on are:

- Oracle Server
- MySQL Server

Main Objective
A security consultant assesses the databases implemented within the organisation's infrastructure in order to test the following scenarios:
- To check the privilege level of access to the database.
- To check the privileges on the operating system and on the listener/client connected to the database.

The security consultant / ethical hacker verifies the vulnerabilities on the system and does not want to damage or steal any information.

Tools used
There are many tools that can be used for database penetration testing, but I will highlight a few of them as follows:
DBPwAudit 0.8 is a Java tool that allows the tester to perform an online audit of the quality of the passwords stored on several database engines. The tool has been tested on Microsoft SQL Server 2000/2005, Oracle versions 8 to 11, IBM DB2