mysql vulnerability check

Hi,

Any idea how I can do a MySQL vulnerability check for my server?
loong Asked:

Beverley Portlock Commented:
What do you mean? Are you worried about remote access via port 3306 or injection attacks via PHP?

MySQL account security

http://dev.mysql.com/doc/refman/5.5/en/default-privileges.html and ALWAYS remove the default database 'TEST'

From PHP the main pathway is SQL injection

http://php.net/manual/en/security.database.sql-injection.php
0
loong (Author) Commented:
Hi,
thanks for the reply.

Any scanner to check what the MySQL vulnerabilities are for this version?
0
Beverley Portlock Commented:
Securing MySQL is a combination of things. The simplest, most basic check is to ensure that the TEST database is removed and that every MySQL user requires a password. Also, if the "Any" user is present, get rid of it after ensuring that you have a "root" account and a non-root account that are password secured and tested as working. An additional option is to ensure that all users are limited to an IP address or LOCALHOST. phpMyAdmin can be useful for this.

There is a general scanner for PHP vulnerability which includes SQL injection tests, but I have never used this software.

http://rips-scanner.sourceforge.net/
0
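The basic checks listed in the answer above (no TEST database, no "Any" user, a password on every account, hosts limited to an IP address or localhost), as an added example that is not part of the original thread. It assumes the MySQL 5.5 `mysql.user` layout (`User`, `Host`, `Password`); the `audit` function, the finding names and the sample rows are constructed for illustration.

```python
# Added example: audits rows exported from the MySQL grant tables.
# Assumes the MySQL 5.5 layout, where mysql.user has User, Host and Password
# columns (5.7 and later store the hash in authentication_string instead).
# Queries that would produce the inputs on a real server:
USER_QUERY = "SELECT User, Host, Password FROM mysql.user"
DB_QUERY = "SHOW DATABASES"

# Constructed sample rows, not taken from a real server.
FAKE_HASH = "*" + "0" * 40  # placeholder in the 41-character hash format
SAMPLE_USERS = [
    ("root", "localhost", FAKE_HASH),
    ("root", "127.0.0.1", ""),      # root reachable without a password
    ("", "localhost", ""),          # the anonymous ("Any") user
    ("app", "%", FAKE_HASH),        # may connect from any host
    ("report", "10.0.0.5", FAKE_HASH),
]
SAMPLE_DATABASES = ["information_schema", "mysql", "test", "shop"]


def audit(users, databases):
    """Return a sorted list of (check, detail) findings."""
    findings = []
    if any(db.lower() == "test" for db in databases):
        findings.append(("test-database", "database 'test' is present"))
    for user, host, password in users:
        account = f"'{user}'@'{host}'"
        if user == "":
            findings.append(("anonymous-user", account))
        if not password:
            findings.append(("empty-password", account))
        if "%" in host:
            findings.append(("wildcard-host", account))
    # The answer also asks for a password-protected root account to exist.
    if not any(u == "root" and p for u, _, p in users):
        findings.append(("no-secured-root", "no root account has a password"))
    return sorted(findings)


if __name__ == "__main__":
    for check, detail in audit(SAMPLE_USERS, SAMPLE_DATABASES):
        print(f"{check:16} {detail}")
```

Accounts that authenticate through a plugin can have an empty `Password` column, so confirm an empty-password finding against the account's `plugin` value before changing it.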


loong (Author) Commented:
Found 1 in Google:

http://www.rapid7.com/resources/free-security-software-downloads/MySQL-vulnerability-scanner-CVE-2012-2122.jsp


but it only scans and checks CVE-2012-212..

I want a scanner to check what vulnerability.. like a WordPress scanner...
0
tel2 Commented:
Good points, Ray, but what do you mean by:
    > In a forum where the default grade is "A"...
When I close EE questions, it asks me what grade I want to assign, but there is no default.

Thanks.
tel2
0
Ray Paseur Commented:
@tel2: Have a look at the grading guidelines, here:
http://support.experts-exchange.com/customer/portal/articles/481419
0
tel2 Commented:
Agreed, Ray.

Just thought you might be trying to say the grade radio buttons defaulted to "A".

Thanks for the clarification.
0
loong (Author) Commented:
OK, understood.
0