Author Topic: Fuzzing tool helps Oracle DBAs defend against SQL injection  (Read 2551 times)

Mike

  • Administrator
  • Hero Member
  • *****
  • Posts: 2036
    • View Profile
Full Article: Fuzzing tool helps Oracle DBAs defend against SQL injection

Database security software vendor Sentrigo Inc. released a new open source fuzzing tool, FuzzOr, designed to identify vulnerabilities found in Oracle database software applications.

With FuzzOr, Sentrigo aimed to create a tool that would allow database administrators and programmers to test PL/SQL applications for security vulnerabilities, said Slavik Markovich, co-founder and chief technology officer of Sentrigo.

While other tools for vulnerability assessment typically fix a list of errors, the FuzzOr is dynamic because it does not have a preconfigured checklist, Markovich said.

"[FuzzOr] is different because I don't think there is any other tool that does fuzzing on the PL/SQL program," Markovich said. "FuzzOr tries to scan a particular code and analyze [the code] for vulnerabilities."

Oracle security expert Pete Finnigan, director for PeteFinnigan.com, an Oracle security site, said FuzzOr is a useful tool because it is one of the only practical tools that is free and analyzes PL/SQL for vulnerabilities.

"FuzzOr has the advantage because with FuzzOr you're not looking at soft code and analyzing it, instead you're trying to break it and make it do something different," Finnigan said.

Full Article: Fuzzing tool helps Oracle DBAs defend against SQL injection