Test Your Server for SQL Injection

By | 2011/06/27

Q: What tools are used for testing for MySQL and other database injection vulnerabilities?


The following are often used to automate testing for SQL injections by network and security admins:

sqlmap – automatic SQL injection and database takeover tool
Havij – automated SQL injection tool
metasploit – security framework

(Metasploit as you may be aware is an entire framework used for various security testing!)

Pangolin – automated SQL injection test tool


The BackTrack Linux distro is a good disc to have in your security pocket as well:

http://www.backtrack-linux.org

Be smart! Only test your own server or servers that you have permission to do penetration testing.