O'Reilly logo

Hacking For Dummies® 3rd Edition by Kevin Beaver

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 15. Databases and Storage Systems

In This Chapter

  • Testing and exploiting database flaws

  • Finding storage weaknesses

  • Ferreting out sensitive information

  • Countering database and storage abuse

Attacks against databases and storage systems can be very serious because that's where "the goods" are located — as the bad guys are well aware. These attacks can occur across the Internet or on the internal network when external attackers and malicious insiders exploit any number of vulnerabilities. These attacks can also occur via the Web application through SQL injection.

Databases

Database systems, such as Microsoft SQL Server, MySQL, and Oracle, have lurked behind the scenes but their value — and their vulnerabilities — have finally come to the forefront. Yes, even the mighty Oracle that was once claimed to be unhackable is susceptible to similar exploits as its competition. With the slew of regulatory requirements governing database security, hardly any business can hide from the risks that lie within because practically every business (large and small) uses some sort of database.

Choosing tools

As with wireless, operating systems, and so on, you need good tools if you're going to find the database security issues that count. My favorite tools for testing database security are

  • Advanced SQL Password Recovery (www.elcomsoft.com/asqlpr.html) for cracking Microsoft SQL Server passwords

  • Cain & Abel (www.oxid.it/cain.html) for cracking database password hashes

  • QualysGuard (www.qualys.com) for performing ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required