Security Blogs

The last time I taught an in-person training class around Oracle security was almost 5 years ago. I was in The Hague for a class in February 2020 and then the lockdown hit us for Covid in March 2020 and....[Read More]

Posted by Pete On 13/11/24 At 01:56 PM

No one wants to be hacked or their data stolen or leaked or their database be breached but it can happen. If you become the latest victim of a data hack and your Oracle database is compromised then what do....[Read More]

Posted by Pete On 06/11/24 At 11:23 AM

I was just made aware by a friend that my Oracle security blog was 20 years old just recently. As its a big anniversary I think its worth a blog post to celebrate. The blog started on the 20th of....[Read More]

Posted by Pete On 30/10/24 At 03:04 PM

We have just released version 2024 and we have added around 340 new checks to the analyser for PL/SQL to located PL/SQL security issues. We can identify a number of types of security issues in your PL/SQL that includes: Use....[Read More]

Posted by Pete On 29/10/24 At 12:54 PM

We have recently added around 750 new checks to our Oracle database scanner PFCLScan for our new version 2024 release that can be used to locate security issues in any Oracle database. We now have around 2000 security checks that....[Read More]

Posted by Pete On 24/10/24 At 12:48 PM

Firstly I was very pleased to announce that I have been made an Oracle ACE Pro again for the year to come. I just received the Oracle ACE tee shirt, polo shirt, jacket and of course the ACE Certificate. The....[Read More]

Posted by Pete On 03/10/24 At 10:44 AM

It has been a while since my last blog post as we have been incredibly busy here with customers work, new versions of our products and from a personal point of view moving house. I just got an email from....[Read More]

Posted by Pete On 19/09/24 At 12:27 PM

There was a post a few days ago on LinkedIn by Johannes Michler about easily passing passwords to adop via a shell script when patching E-Business Suite. This script sets the password for the E-Business Suite APPS user, SYSTEM and....[Read More]

Posted by Pete On 28/08/24 At 09:24 AM

I was approached by a lady on LinkedIn a few weeks ago to ask me if I would speak at a conference in another country. I said that I was interested and asked for more details and importantly do they....[Read More]

Posted by Pete On 28/08/24 At 09:24 AM

I had an issue to solve where I needed to find if some base64 encoded text included a clear text string which was of course encoded in the source data. I needed to search hundreds of XML files where some....[Read More]

Posted by Pete On 12/08/24 At 07:50 AM

Just a short post about the PL/SQL parser and interpreter that I have been developing. As I have said in recent posts I am going to release a set of articles about the development of this interpreter in PL/SQL. I....[Read More]

Posted by Pete On 01/08/24 At 01:01 PM

I like PL/SQL and I am always playing around with it or writing tools for use in security audits in PL/SQL or trying to do things that are not normal with PL/SQL such as writing an interpreter. One thing I....[Read More]

Posted by Pete On 26/07/24 At 09:22 AM

Do you develop PL/SQL? Is your Oracle PL/SQL protected? My name is Pete Finnigan and in the next few minutes I will show you how you can protect you PL/SQL investment from theft. We can: Stop people stealing your ideas....[Read More]

Posted by Pete On 23/07/24 At 03:14 PM

I talked at a high level a few weeks ago about Extreme PL/SQL and gave a brief look at an interpreter I have been creating for a simple language based on BASIC. I have been keeping notes in a Word....[Read More]

Posted by Pete On 17/07/24 At 12:00 PM

In my last blog on Extreme PL/SQL I mentioned pointers in PL/SQL. PL/SQL does not support pointers or dynamic memory management in the same way that we can write in C code. In C code we can define a variable....[Read More]

Posted by Pete On 28/06/24 At 09:03 AM

I talked recently about securing APEX and the different security angles that should be considered when securing data in application that is written using APEX and hosted in an Oracle database. There are multiple attack vectors from a web based....[Read More]

Posted by Pete On 28/05/24 At 09:35 AM

It has been a while since my last blog post here. I have not abandoned blogging. Over the last year and more I have blogged regularly and this is reflected in my Oracle ACE Pro contributions this last year. I....[Read More]

Posted by Pete On 25/06/24 At 10:04 AM

This is a thought experiment really but is possible to do with some efforts and in a more targeted way. I have coded in PL/SQL for around 29 years and it is one of my favourite languages along with C....[Read More]

Posted by Pete On 08/05/24 At 11:20 AM

I had a conversation a few weeks ago with someone who asked me how to find a missing table when you have a wrapped PL/SQL file and cannot see the source code and you install it and it gives an....[Read More]

Posted by Pete On 18/03/24 At 01:00 PM

Do you develop software in PL/SQL? I will show you in the next few minutes how you can learn to find security vulnerabilities in your PL/SQL code Even if the database that your PL/SQL is deployed to is secure then....[Read More]

Posted by Pete On 06/03/24 At 09:45 AM