Database assessment

When we are testing, one of the things that we want to treat as a valuable asset is the databases for our clients. This is where the company usually has most of the data that, if compromised, could cost the company a great amount of revenue. There are a number of different databases that are out there. We will concentrate on only three of them: Microsoft SQL, MySQL, and Oracle.


The MS SQL database has provided us with a number of vulnerabilities over the years, but as the versions of the database became more mature, the vulnerabilities decreased dramatically. We will start off by searching to see whether we can find any database exploits in the Exploit DB site for MS SQL. The results of the search are shown in the following ...

Get Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.