I guess.I subscribe to the pentest list over at Security Focus and saw a post on their over the weekend when clearing my email boxes about SQL Injection tools. The question was posed in a post titled "SQL Injection Tools". This promoted a number of responses offering views and some links to tools but the original post was very useful as it linked to a list of http://www.security-hacks.com/2007/05/18/top-15-free-sql-injection-scanners - (broken link) The top 15 free SQL Injection Scanners. This is a good list and very useful for anyone interested in protecting applications and database and particularly in our cases applications that are coded against Oracle databases.
I would not suggest running these tools as DBA's against production databases but they offer great value in terms of learning about the issues and how to detect them. Certainly run them against test or development systems that you own ideally isolated from the rest of your organisations data and business, in other words tools like these can in some cases cause issues for working, Dos, changes to data and so on. So be careful with them, run them only on a database/application you fully own and control but learn from them and apply the knowledge learned to help secure databases.
Nice list!
