Security Blogs
Secure Coding PL/SQL
I wrote a new presentation last year on secure coding with PL/SQL and presented it twice; once at a SIG in London and once in Oracles office in Edinburgh. This is a really interesting subject for me as i have....[Read More]
Posted by Pete On 14/01/13 At 07:43 PM
Oracle Security Search Is Annoying and protecting PL/SQL code
This post if not specifically about Oracle Security but I got here because of Oracle security so i am going to talk about Oracle security first...:-) I am working this morning on a proof of concept code for a security....[Read More]
Posted by Pete On 06/09/12 At 11:38 AM
Oracles Java Patch
OK, its not Oracle database security but its big news and it is from Oracle. Oracle have recently released an out of band Java security patch which supposedly fixed serious security flaws; then a few days ago the guys at....[Read More]
Posted by Pete On 05/09/12 At 12:11 PM
New Oracle Security Talks
I am going to be doing three sessions at the UKOUG conference this December in Birmingham. I am going to be chairing the Oracle Security Round table on the 4th December. I am also writing three new presentations; two for....[Read More]
Posted by Pete On 04/09/12 At 02:44 PM
New Oracle Security Presentation - Identity In The Database
The paper " Identifying Yourself in the Oracle Database " is available as a pdf to download from my Oracle security white papers page . This is new paper in terms of it has not been posted to my site....[Read More]
Posted by Pete On 03/09/12 At 08:11 PM
Oracle, Proxy, Obfuscation, Cookie Law, Talks, more...
It has been a long while since my last blog post. I have been very busy with Oracle security consulting, data security audits, teaching training courses and of course with my companies Database Security Scanner - PFCLScan . Oracle security....[Read More]
Posted by Pete On 20/06/12 At 02:23 PM
Oracle Security Training in Berlin ... and more ...
I am going to be teaching by two day Oracle security training course in Berlin on March 6th and 7th 2012 for DOAG - the German Oracle users group. You can find details of the course and also register to....[Read More]
Posted by Pete On 13/02/12 At 11:57 AM
More oradebug
Alex commented on my post about " oradebug " about the select statement on x$ksmfsv which holds a list of all fixed variables amongst other things and joined it to x$ksmmem to get the absolute address in the SGA to....[Read More]
Posted by Pete On 21/09/11 At 07:26 PM
oradebug
Laszlo has published his slides from Hacktivity in Budapest last weekend where he shows how the Oracle undocumented oradebug command can be used to exploit the database; covering turning off authentication, turning off audit and more. His slides are here....[Read More]
Posted by Pete On 21/09/11 At 12:54 PM