Security testing for SQL Server based web application
If any one has prior experience in doing a scurity testing on SQL server based web application pls drop me a mail. wanna share t knowledge. Areas Looking at :
Brute force the sa password
Restore enrcypted backups without the key
Decrypt the encrypted connection string
Break the SSL Layer
Login as a diffrent windows user and get the date from the secured database
Break the ACL
If anyone has done any of those before pls contact.
24 hours online..... [img]images/icons/smile.gif[/img]
Re: Security testing for SQL Server based web application
I dont have any idea on decryting the connection string and breaking the SSl layer, but all if you want to do is to get into the database of sql server 2000 from the web application you can try with SQL Injection.with which yo can even delete the tables from the database, the infromation and links about SQL injection are present in this forum of security Testing.