Matrixay—When Web App &Amp; Database Security Pen-Test/Audit Is A Joy presented at Blackhat USA 2005

by Yuan Fan, Xiao Rong,

Tags: Security Web

Summary : This topic will present a new web-app/DB
pen-test tool. This tool supports both proxy (passive) mode as well as
direct URL targeting. It is a mixed Web App SQL Injection systematic
pen-test and WebApp/Database scanner/auditing-style tool and supports
most popular databases used by web applications such as Oracle, SQL
Server, Access and DB2. It has many unique features from web app backend
Database automatic detection to the ability to browse database objects
(without the need to ask for a passwords, of course), to the ability to
locate/search for any sensitive content inside the DB and find more
vulnerability points from source as well as privilege escalation.