Database security software vendor Sentrigo Inc. has released Fuzzor, a new open source fuzzing tool for identifying vulnerabilities in Oracle database software applications. Slavik Markovich, one of Sentrigo's founders and its chief technology officer, said that with Fuzzor, Sentrigo set out to create a tool that would allow database administrators and programmers to test PL/SQL applications for security vulnerabilities.

Markovich says other vulnerability assessment tools typically check for a fixed set of bugs, while Fuzzor is dynamic because it is not limited to a set list. Markovich said: "(Fuzzor) is different, because I think there are no other tools that do this for PL/SQL projects. Fuzzor scans special code and analyzes (the code) for vulnerabilities."

Pete Finnigan, an Oracle security expert who also runs the Oracle security website PeteFinnigan.com, said Fuzzor is a useful tool because it is the only free utility for analyzing vulnerabilities in PL/SQL. Finnigan said: "Fuzzor has an advantage because, with Fuzzor, you do not need to look at the software code and analyze it, or decompose it into different things."

Finnigan says database administrators may not understand Fuzzor right away, but it is fairly simple to use. "You can run Fuzzor on a project or a single piece of code, so it's very simple to run," he said. "(It) tells the user which code and parameters are susceptible to the tool, so you can view the code and find out how to fix it."

"This tool is also ideal for detecting vulnerabilities related to SQL injection and buffer load errors because they are the most common vulnerabilities in code written using PL/SQL," Finnigan said. Finnigan says the time it takes to detect errors is proportional to the number of programs it runs, but the tool is "pretty fast and doesn't need to run all night."

Finnigan says Fuzzor cannot be run on production systems because the tool's work is not read-only. Tools used on a production system should be read-only to prevent unexpected changes, and Fuzzor does not meet that requirement.

Markovich says the tool can't fix the problem; it just tells the user where the error is. Markovich said that it does not perform vulnerability assessment, detection or encryption.

Fuzzor is a free open source tool licensed under the GPL, which allows users to change or add code as long as the user has a license. Finnigan says all DBAs can try it and use it internally. Finnigan said: "Fuzzor is free, extensible, and written in a scripting language, and the software code is readable. There is nothing hidden; you can see how it works."