This is regarding security of a Database ...How can i test the security of a DB written using Stored Procedures....1.Can I do SQl Injection attacks..If notwhat else are the methods

Questions by rose   answers by rose

Showing Answers 1 - 3 of 3 Answers

mcsreddy

  • Dec 17th, 2006
 

hi

Security testing is very critical these testing was performed by seperate team.for these security testing these people r using separate tools.by using stored procedures also we can perform the testing but we hav knoledge on database.Security testing performs penetration testing which is very tough.

By using queries also we can test the database but it requries more exposure on writing the database queries.

  Was this answer useful?  Yes

Naveen Pathak

  • Feb 19th, 2007
 

Hi Dear

The scurity test conduct in following areas:

1) Whether user comes from proper Login Page

2) Applying SQL injection and session hijecking

3)Whether Customer order file are un restrictive .

4)Email confirmation should be abaliable

Regards;

Naveen Pathak

  Was this answer useful?  Yes

idreams27

  • Jul 6th, 2007
 


Hi,

Security testing can be performed in many ways. It can performed specified areas

    1. Black-Box Level
    2. White-Box Level and finally at
    3. Database Level.

For each of these there incudes different types of methods and based on these we can follow them. But all these methods can be used manually to test your application in above specified areas. We also require certian tools for few of the methods

Here are the list of security testing methods and techniques used in 3 areas

Functionality Testing
   a. Session Hijacking
   b. Session Prediction
   c. E-mail Spoofing
   d. Content Spoofing
   e. Phishing
   f.  Password Cracking
   g. Active Program Scripting Exploits

White-Box Testing
  a. Malicious Code Injection
  b. Penetration testing
  c. Input Validation
  d. Variable Manipulation

Database Testing (Stored procedures can be testing by SQL Injection and variable manipulation techniques you can fine more info on net)
  a. SQL injection
  b. Blind SQL Injection(Part of SQL Injection)
  c.  Input Validation

Atlast at website/webapplication level
  a. Cross-site scripting
  b. SSI Injection
  c. IP Spoofing

Hope this gives idea on what is security testing and in which all areas we carry out testing with what all methods and techniques

For any  more clarifications you can write at idreams27@yahoo.com

Thanks
Narasimha

Give your answer:

If you think the above answer is not correct, Please select a reason and add your answer below.

 

Related Answered Questions

 

Related Open Questions