Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: Re: SQL Injection Tools

Re: SQL Injection Tools

From: Rick Zhong <sagiko_at_gmail.com>
Date: Mon, 23 Jun 2008 12:49:21 +0800

Hi,
I guess it is kind of difficult to find an almighty all-purpose sql
injection tool, simply because the vast varieties of SQL injection
attacks due to different databases, techniques and progamming language
APIs. You may want to go for more specialized classifications, for
example, absinthe and SQL Power Injector are good in blind SQL
injection testing while SQLninja and NBSI are good for ASP+MSSQL
applications. NGSS is very well-known for their Oracle vulnerability
research capabilities.

I have used/evaluated about half of those tools in that list, and SQL
Power Injector is most impressive to me. It might has a sharp learning
curve initially due to all the configuration and tuning, but it is
well-documented.

regards,
Rick Zhong
------------------------------------------------------------------------------------------------
Welcome to my blog - Informaiton (In)Security in Financial Industry
http://blog.rickzhong.com
------------------------------------------------------------------------------------------------

On Mon, Jun 23, 2008 at 8:23 AM, Serg B <sergeslists_at_gmail.com> wrote:
> Hi All,
>
> Can anybody suggest a relatively reliable SQL injection tool? Either
> Open Source or proprietary - required for business use. So far, I've
> been clobbering all sorts of weird SQL strings manually, would be nice
> to minimize the repetitive keyboard labor.
>
> So far, I am going through this list:
> http://www.security-hacks.com/2007/05/18/top-15-free-sql-injection-scanners
>
> If there is anything better out there, or if anybody thinks I should
> concentrate on a particular tool from the list (link above), please
> let me know.
>
>
> Thanks,
> Serg
>
> -------------------------------------------------------------------------
> Sponsored by: Watchfire
> Methodologies & Tools for Web Application Security Assessment
> With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!
>
> https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
> -------------------------------------------------------------------------
>
> 

-- 
Information (In)Security In Financial Industry: h44p://blog.rickzhong.com
-------------------------------------------------------------------------
Sponsored by: Watchfire 
Methodologies & Tools for Web Application Security Assessment 
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today! 
https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------
Received on Jun 24 2008
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos