Page 1095 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
applications offer a portal into those databases, and attackers may
leverage database-backed web applications to direct attacks against
databases, including SQL injection attacks.

SQL injection attacks and other web application
vulnerabilities are discussed in more detail in Chapter 21,
“Malicious Code and Application Attacks.” Database security issues
are covered in Chapter 9, “Security Vulnerabilities, Threats, and
Countermeasures.”

Database vulnerability scanners are tools that allow security
professionals to scan both databases and web applications for
vulnerabilities that may affect database security. sqlmap is a
commonly used open-source database vulnerability scanner that
allows security administrators to probe web applications for database
vulnerabilities. Figure 15.6 shows an example of sqlmap scanning a
web application.

FIGURE 15.6 Scanning a database-backed application with sqlmap
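
The following is an added example, not taken from the study guide or from sqlmap. It shows the class of flaw a database vulnerability scanner reports in a database-backed application, next to the corrected query. The table, sample rows and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data, used only by this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return db


def lookup_concatenated(db, username):
    # Weak form: the input becomes part of the SQL text, so quote
    # characters in it change the structure of the statement.
    sql = "SELECT email FROM accounts WHERE username = '" + username + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_parameterized(db, username):
    # Corrected form: the driver binds the value, so it is always data.
    sql = "SELECT email FROM accounts WHERE username = ?"
    return [row[0] for row in db.execute(sql, (username,))]


def input_alters_query(lookup, db):
    """Differential check: a username that is not in the table must return
    no rows, with or without an always-true condition appended to it."""
    baseline = lookup(db, "nobody")
    probed = lookup(db, "nobody' OR '1'='1")
    return baseline != probed


if __name__ == "__main__":
    db = make_db()
    print("concatenated query alters logic:",
          input_alters_query(lookup_concatenated, db))
    print("parameterized query alters logic:",
          input_alters_query(lookup_parameterized, db))
```

A finding of this kind is remediated in the application code by binding parameters, which is why the scan results need to reach the developers as well as the database administrators.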

