Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Database Scanning Tools
[SAMATE Home | IntrO TO SAMATE | SARD | SATE | Bugs Framework | Publications | Tool Survey | Resources]
Database Scanners are a specialized tool used specifically to identify vulnerabilities in database applications. In addition to performing some external functions like password cracking, the tools also examine the internal configuration of the database for possible exploitable vulnerabilities. Database scanning tools discover vulnerabilities through the following functions:
check/verify:
- passwords
- default account vulnerabilities
- logon hours violations
- account permissions
- role permissions
- unauthorized object owners
- remote login and servers
- system table permissions
- extended stored procedures
- cross database ownership chining
- authentication
- login attacks
- stale login ids
- security of admin accounts
- excessive admin actions
- passwords
- password aging
- auditing trail
- auditing configuration
- buffer overflows in user name
- buffer overflows in database link