Published on January 11th, 2011 | by NJ Ouchn
Focus on FuzzOr, the Oracle Fuzzing Tool
FuzzOr is an open source “fuzzing” tool for Oracle databases designed to identify vulnerabilities found in software applications written in PL/SQL code. This utility allows PL/SQL programmers, database administrators (DBAs) and security professionals to identify and repair vulnerabilities that may be exploited via SQL injection and buffer overflow attacks—the most common techniques used by hackers to launch attacks on databases.
Exploiting weaknesses in application code running on top of corporate databases is a common attack vector. By gaining access to application schemas, hackers or privileged insiders can tap into the database itself, where the organizational “crown jewels” reside. FuzzOr is one of the first tools designed to detect vulnerabilities in these applications, providing an additional level of database security.
Sentrigo’s FuzzOr utility runs on Oracle database versions 8i and above to identify vulnerabilities due to poor coding practices. A dynamic scanning tool, FuzzOr enables DBAs and security pros to test PL/SQL code inside Oracle stored program units. Once vulnerabilities are detected by FuzzOr, a programmer can then repair the PL/SQL code. In cases of legacy or complex applications where code changes and repairs are more difficult to implement, FuzzOr seamlessly integrates into Sentrigo’s Hedgehog software products, and automatically generates virtual patches to alert on or prevent attempts to exploit the discovered vulnerabilities.
Download (Very annoying thing: it needs registration before download!!!)