1
00:00:06,500 --> 00:00:07,667
- [Presenter] Let's first take a look at some of

2
00:00:07,667 --> 00:00:09,648
the commercial tools that are available for

3
00:00:09,648 --> 00:00:12,315
automated scanning of databases.

4
00:00:13,198 --> 00:00:15,431
Some of these we mentioned in earlier lessons,

5
00:00:15,431 --> 00:00:19,598
and they are related to automated scanning of servers

6
00:00:20,447 --> 00:00:24,599
and clients on networks, but so many of them

7
00:00:24,599 --> 00:00:27,903
also have database functionality as well.

8
00:00:27,903 --> 00:00:30,418
So, let's start with Nessus.

9
00:00:30,418 --> 00:00:34,917
Nessus scans for a variety of different database issues.

10
00:00:34,917 --> 00:00:38,250
It supports Oracle, MS SQL Server, MySQL,

11
00:00:39,161 --> 00:00:41,744
PostgreSQL, as well as MongoDB.

12
00:00:43,909 --> 00:00:47,308
Nexpose is also able to scan for

13
00:00:47,308 --> 00:00:49,150
a variety of database issues,

14
00:00:49,150 --> 00:00:52,797
like default passwords, default configurations,

15
00:00:52,797 --> 00:00:56,964
missing patches, buffer overflows, listening ports,

16
00:00:58,323 --> 00:01:00,950
privilege escalation, things like that.

17
00:01:00,950 --> 00:01:03,950
It supports Oracle, MS SQL and MySQL.

18
00:01:06,834 --> 00:01:09,242
Qualys can remotely detect

19
00:01:09,242 --> 00:01:12,524
more than 540 database vulnerabilities.

20
00:01:12,524 --> 00:01:16,607
It supports Oracle, MS SQL, MySQL and PostgreSQL.

21
00:01:18,707 --> 00:01:21,825
Imperva Scuba is actually a purposely built tool

22
00:01:21,825 --> 00:01:24,265
for database testing.

23
00:01:24,265 --> 00:01:26,923
So, let's take a quick look at how

24
00:01:26,923 --> 00:01:30,923
automated scanners would work against databases.

25
00:01:32,209 --> 00:01:34,746
Now, the truth is, they work much the same

26
00:01:34,746 --> 00:01:39,745
that they would against a server or a client workstation

27
00:01:39,745 --> 00:01:42,448
that you're scanning for vulnerabilities.

28
00:01:42,448 --> 00:01:46,073
Again, the automated scanner is just an application

29
00:01:46,073 --> 00:01:49,288
that's running on your client machine.

30
00:01:49,288 --> 00:01:52,121
So, let's say this one is Nessus.

31
00:01:53,087 --> 00:01:55,929
We have our database server,

32
00:01:55,929 --> 00:01:57,479
which is our target,

33
00:01:57,479 --> 00:01:59,174
and essentially, what we're gonna do is

34
00:01:59,174 --> 00:02:02,464
we're gonna tell Nessus, scan this database server,

35
00:02:02,464 --> 00:02:06,000
look for vulnerabilities in the database.

36
00:02:06,000 --> 00:02:08,213
The first thing that Nessus is gonna do,

37
00:02:08,213 --> 00:02:11,164
or the first thing any automated scanner is gonna do,

38
00:02:11,164 --> 00:02:15,482
is it's gonna send probes to the database server

39
00:02:15,482 --> 00:02:17,631
to try and find out some information of

40
00:02:17,631 --> 00:02:20,204
what type of server it's running,

41
00:02:20,204 --> 00:02:22,136
what type of database it's running,

42
00:02:22,136 --> 00:02:26,664
so that it can then send the correct attacks.

43
00:02:26,664 --> 00:02:28,794
Once it finds out the information,

44
00:02:28,794 --> 00:02:31,377
so, let's say it determined

45
00:02:32,820 --> 00:02:36,987
MySQL was running, and it was running version 247,

46
00:02:40,502 --> 00:02:43,200
from there, Nessus is going to

47
00:02:43,200 --> 00:02:47,936
identify in its database which vulnerabilities

48
00:02:47,936 --> 00:02:52,129
might apply to that specific database version.

49
00:02:52,129 --> 00:02:56,483
Then, it's going to try and send some attacks

50
00:02:56,483 --> 00:02:59,892
against the database server to see if they actually work.

51
00:02:59,892 --> 00:03:03,472
Based on the responses from the database server,

52
00:03:03,472 --> 00:03:06,722
Nessus will record in its own database

53
00:03:07,674 --> 00:03:11,068
whether or not it's a vulnerability.

54
00:03:11,068 --> 00:03:15,607
Of course, in the end, it will output a report

55
00:03:15,607 --> 00:03:19,774
telling you if there are high, medium or low vulnerabilities,

56
00:03:23,125 --> 00:03:27,292
and then, from there, of course, we need to validate those.