If you want to find security bugs in your database system, there are a few basic principles and techniques that might help:
- Don't believe the documentation
- Implement your own client
- Debug the system to understand how it works
- Identify communication protocols
- Understand arbitrary code execution bugs
- Write your own "fuzzers"
From: The Database Hacker's Handbook
