Security Blogs

I talked last week about an issue where I wanted to pre-create a unified audit policy with no rules so that I could create a number of policies for a customer in advance and then we could add the actions/rules....[Read More]

Posted by Pete On 06/01/25 At 12:22 PM

I have a requirement to pre-create unified audit policies and then add the ACTIONS, PRIVILEGES, ROLES etc after they have been created based on some stored audit rules for a customer. We tried to create a policy with no actions....[Read More]

Posted by Pete On 02/01/25 At 02:51 PM

This is the second talk that I did at the recent UKOUG conference at the East Side rooms in Birmingham. This talk discusses how you should respond if you think that your database has been breached or if you unfortunately....[Read More]

Posted by Pete On 19/12/24 At 02:26 PM

I presented recently at the UKOUG tech conference 2024 in Birmingham, UK at the Eastside rooms. This was a good conference and I had two talks there. This blog is about the first of those and includes a link to....[Read More]

Posted by Pete On 18/12/24 At 11:34 AM

I get asked a question often "Is your database more secure if its moved to the cloud?" and it does not matter which cloud we are talking about; could be Oracle OCI or Amazon or... This is an interesting question....[Read More]

Posted by Pete On 16/12/24 At 01:37 PM

If you use still or used standard auditing in the Oracle database then you should have come across an issue. If you have multiple teams enabling audit one team can destroy another teams audit settings. Here is a couple of....[Read More]

Posted by Pete On 28/11/24 At 09:59 AM

The last time I taught an in-person training class around Oracle security was almost 5 years ago. I was in The Hague for a class in February 2020 and then the lockdown hit us for Covid in March 2020 and....[Read More]

Posted by Pete On 13/11/24 At 01:56 PM

No one wants to be hacked or their data stolen or leaked or their database be breached but it can happen. If you become the latest victim of a data hack and your Oracle database is compromised then what do....[Read More]

Posted by Pete On 06/11/24 At 11:23 AM

I was just made aware by a friend that my Oracle security blog was 20 years old just recently. As its a big anniversary I think its worth a blog post to celebrate. The blog started on the 20th of....[Read More]

Posted by Pete On 30/10/24 At 03:04 PM

We have just released version 2024 and we have added around 340 new checks to the analyser for PL/SQL to located PL/SQL security issues. We can identify a number of types of security issues in your PL/SQL that includes: Use....[Read More]

Posted by Pete On 29/10/24 At 12:54 PM

We have recently added around 750 new checks to our Oracle database scanner PFCLScan for our new version 2024 release that can be used to locate security issues in any Oracle database. We now have around 2000 security checks that....[Read More]

Posted by Pete On 24/10/24 At 12:48 PM

Firstly I was very pleased to announce that I have been made an Oracle ACE Pro again for the year to come. I just received the Oracle ACE tee shirt, polo shirt, jacket and of course the ACE Certificate. The....[Read More]

Posted by Pete On 03/10/24 At 10:44 AM

It has been a while since my last blog post as we have been incredibly busy here with customers work, new versions of our products and from a personal point of view moving house. I just got an email from....[Read More]

Posted by Pete On 19/09/24 At 12:27 PM

I was approached by a lady on LinkedIn a few weeks ago to ask me if I would speak at a conference in another country. I said that I was interested and asked for more details and importantly do they....[Read More]

Posted by Pete On 28/08/24 At 09:24 AM

There was a post a few days ago on LinkedIn by Johannes Michler about easily passing passwords to adop via a shell script when patching E-Business Suite. This script sets the password for the E-Business Suite APPS user, SYSTEM and....[Read More]

Posted by Pete On 28/08/24 At 09:24 AM

I had an issue to solve where I needed to find if some base64 encoded text included a clear text string which was of course encoded in the source data. I needed to search hundreds of XML files where some....[Read More]

Posted by Pete On 12/08/24 At 07:50 AM

Just a short post about the PL/SQL parser and interpreter that I have been developing. As I have said in recent posts I am going to release a set of articles about the development of this interpreter in PL/SQL. I....[Read More]

Posted by Pete On 01/08/24 At 01:01 PM

I like PL/SQL and I am always playing around with it or writing tools for use in security audits in PL/SQL or trying to do things that are not normal with PL/SQL such as writing an interpreter. One thing I....[Read More]

Posted by Pete On 26/07/24 At 09:22 AM

Do you develop PL/SQL? Is your Oracle PL/SQL protected? My name is Pete Finnigan and in the next few minutes I will show you how you can protect you PL/SQL investment from theft. We can: Stop people stealing your ideas....[Read More]

Posted by Pete On 23/07/24 At 03:14 PM

I talked at a high level a few weeks ago about Extreme PL/SQL and gave a brief look at an interpreter I have been creating for a simple language based on BASIC. I have been keeping notes in a Word....[Read More]

Posted by Pete On 17/07/24 At 12:00 PM