Tag: SQL

Enabling slow query log on Amazon RDS

The slow query log can be used to find queries that take a long time to execute and are therefore candidates for optimization. If you want to enable the slow query log on your Amazon RDS MySQL instance, you need to be able to do 2 things:

  1. Enable and disable the slow query log on the RDS instance. Make sure you disable it a few minutes after enabling it. It’s not advised to keep it enabled for long, especially on production servers.
  2. View the slow queries once you have enabled the log. As of MySQL 5.1.6, the destination of the slow query log can be a file, a table, or both.

You are going to need to edit the parameter “slow_query_log” under the DB parameter group of your RDS instance. An RDS instance is usually set up with a default DB parameter group, e.g. if you are running MySQL 5.5.x, your DB parameter group would be called default.mysql5.5, and so on. I believe AWS won’t allow you to modify a default DB parameter group, so it’s best to create one of your own based on one of the default ones and use that for your DB instance. Once your RDS instance is running off your custom parameter group, you can then go ahead and start modifying parameters in it.

Until not too long ago, this could only be done via the command line. But now, this can be done via the AWS Management Console as well. You need to be in the DB Parameter Groups section in the AWS RDS Console. Find your parameter group and click on it. Then click on the ‘Edit Parameters’ button.

Once in edit mode, find the “slow_query_log” parameter. You might have to scroll down towards the bottom. Change this value to 1 if you are enabling it and 0 if you are disabling it. No other values are accepted here.
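The same procedure from the command line, as an added example that is not part of the original post: it uses the AWS CLI to create a custom parameter group, attach it to the instance, and open a short capture window that switches the log back off. The group name, family and instance identifier are placeholder assumptions, and the commands are only printed unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example: slow_query_log on a custom RDS parameter group via the AWS CLI.
# GROUP, FAMILY and INSTANCE are placeholder names (assumptions, not from the post).
GROUP="${GROUP:-custom-mysql55}"
FAMILY="${FAMILY:-mysql5.5}"
INSTANCE="${INSTANCE:-mydb-instance}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = execute them

# Print the command in dry-run mode, otherwise run it.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Default groups (default.mysql5.5, ...) cannot be edited, so create a custom one.
create_group() {
  run aws rds create-db-parameter-group \
    --db-parameter-group-name "$GROUP" \
    --db-parameter-group-family "$FAMILY" \
    --description "custom-group-for-slow-query-logging"
}

# Point the instance at the custom group. The change of group takes effect
# only after the instance has been rebooted.
attach_group() {
  run aws rds modify-db-instance \
    --db-instance-identifier "$INSTANCE" \
    --db-parameter-group-name "$GROUP"
}

# slow_query_log accepts only 0 or 1; reject anything else before calling AWS.
set_slow_log() {
  case "$1" in
    0|1) ;;
    *) echo "slow_query_log must be 0 or 1" >&2; return 1 ;;
  esac
  run aws rds modify-db-parameter-group \
    --db-parameter-group-name "$GROUP" \
    --parameters "ParameterName=slow_query_log,ParameterValue=$1,ApplyMethod=immediate"
}

# Enable the log, wait for the capture window (seconds), then disable it again.
capture_window() {
  set_slow_log 1 && run sleep "${1:-300}" && set_slow_log 0
}

# Stand-alone run: show the full sequence without touching AWS.
if [ "$DRY_RUN" = "1" ]; then create_group; attach_group; capture_window 300; fi
```

With DRY_RUN=0, call the functions one at a time, since the instance must be rebooted between `attach_group` and `capture_window`.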

SQLmap GUI – SQL Injection Tool

SQL injection is the most dangerous vulnerability, one that can cause great harm to a website and its database. Web application penetration testing is the right way to audit the security of a web application, since penetration testing means confirming a vulnerability by exploiting it. Several exploitation tools for SQLi are available, and SQLmap is among them.

SQLmap is a very famous SQL injection exploitation tool. Previously only the command-line version of the tool was available, but now a GUI (graphical user interface) for SQLmap is also available, which is very easy to use and user friendly.

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches ranging from database fingerprinting, through data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
