Thread: SQL Servers

  1. #1
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    1

    SQL Servers

    A website I am building currently stores and displays information in a SQL database and I am concerned about how safe my data is. How easy would it be for someone to break in, and does anyone know of any guides that would let me have a go at it myself?

  2. #2
    Junior Member
    Join Date
    Feb 2010
    Location
    on this page
    Posts
    34

    Re: SQL Servers

    Quote Originally Posted by MutantKeyboard
    A website I am building currently stores and displays information in a SQL database and I am concerned about how safe my data is. How easy would it be for someone to break in, and does anyone know of any guides that would let me have a go at it myself?
    I would use Google to help you find the answer to your question. Plenty of fuzzers, write-ups and tools on the internet and also some in BackTrack that will test out the SQL database.

  3. #3
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Re: SQL Servers

    Quote Originally Posted by MutantKeyboard
    A website I am building currently stores and displays information in a SQL database and I am concerned about how safe my data is. How easy would it be for someone to break in
    That depends on how well the site is designed.

    Quote Originally Posted by MutantKeyboard
    and does anyone know of any guides that would let me have a go at it myself?
    These are some good and very complete references:
    Amazon.com: SQL Injection Attacks and Defense (9781597494243): Justin Clarke: Books
    Amazon.com: The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws (9780470170779): Dafydd Stuttard, Marcus Pinto: Books

    If you want something free look at the OWASP Testing Guide (or just the OWASP site in general):
    Category:OWASP Testing Project - OWASP
    OWASP

    There are also various training courses on the subject, including the PWB course from Offensive Security and the GWAPT and GPEN courses from SANS.

    I have only given very high level answers here because this is not the type of question that can be usefully answered in a forum post. If you don't already have skills in this area your best bet is to hire a professional to assess the security of your website for you.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
