Auditing an Oracle database for security issues is very important. PeteFinnigan.com provides all of the information and tools that you will need Click here for details of PeteFinnigan.com Limited's detailed Oracle database security audit service Click here for details of PeteFinnigan.com Limited's Oracle Security Training Courses
Cookie Policy:We only use essential cookies on small sections of this website. For details see here.

Welcome, Guest. Please Login.
Nov 23rd, 2017, 7:07am
News: Welcome to Pete Finnigan's Oracle security forum
Home | Help | Search | Members | Login
   Pete Finnigan's Oracle Security Forum
   Oracle Security
   Oracle Security
(Moderator: Pete Finnigan)
   Security Whitepaper
« Previous topic | Next topic »
Pages: 1  Reply | Notify of replies | Send Topic | Print
   Author  Topic: Security Whitepaper  (Read 1699 times)
ITStudent
PeteFinnigan.com Newbie
*





   
View Profile |

Gender: male
Posts: 5
Security Whitepaper
« on: May 16th, 2007, 11:19am »
Quote | Modify

Hi @ all,
 
I am preparing to write a howto of securing Oracle Database, Oracle Application Server and Infrastructure and Oracle CMSDK (iFS). I have already read Oracle Security Guides and some Whitepapers written by Pete Finnigan and Alex Kornbrust.
 
Could someone give me a suggestion of pages and whitepapers which would be progressed, interesting and up-to-date? Information which I should not forget to bring in?
 
Thanks in advance for any Information
ITStudent
IP Logged
isaez
PeteFinnigan.com Junior Member
**



Ivan

   
View Profile |

Gender: male
Posts: 76
Re: Security Whitepaper
« Reply #1 on: May 16th, 2007, 6:48pm »
Quote | Modify

Hi ITStudent,
 
My  list of interesting papers (in random order) is:
 
1) Search Engines Used to Attack Databases by Aaron.C Newman (http://www.appsecinc.com)
 
2) Is finding security holes a good idea? by Erik Rescorla
  http://www.computer.org/security/
 
3) SQL Injection Are Your Web Applications Vulnerable?
   Spi Dynamics
http://www.spidynamics.com/papers/SQLInjectionWhitePaper.pdf
 
4) Stopping Injection attacks with computational theory by Robert J. Hansen and Meredith L. Patterson
 
5) Oracle database 10g release 2
   Defense in deptch security
   Oracle white paper
 
6) An Asssessment of the Oracle Password Hasshing Algorithm by Joshua Wrigth and Carlos Cid
 
7) Guns and Butter: Towards Formal Axioms of Input Validation
by Robert J. Hansen and Meredith L. Patterson
 
Cool Advanced SQL injection in Oracle databases
by Esteban Martinez Fayo (Black Hat Briefings)
http:\www.argeniss.com
 
9) Simple Sql Injection
http://0-day.x128.net/simple-sql-injection.html
 
10) Detection of SQL injection and cross-site scripting attacks by K.K. Mookhey and Nilesh Burghate
 
11) Database Security: Beyond the password by George Jucan
 
12) Hackproofing Oracle Application Server by David Litchfield  NGSSoftware
 
13) Evading network based Oracle database intrusion detection systems http://www.integrigy.com/security-resources/whitepapers
 
 
14) "Oracle Database IDS Evasion Techniques for SQL*Net", Joxean Koret, http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0593.html.
 
15) "An Introduction to SQL Injection Attacks for Oracle Developers", Stephen Kost, Integrigy Corporation, http://www.integrigy.com/security-resources/whitepapers/Integrigy_Oracle _SQL_Injection_Attacks.pdf/view.
 
16) The Database Hacker's Handbook: Defending Database Servers  by David Litchfield (VERY GOOD!)
 
17) http://www.databasesecurity.com
regards,  
..
..
 
There is so much material ...
 
regards
Ivan
IP Logged

regards,

Ivan
ITStudent
PeteFinnigan.com Newbie
*





   
View Profile |

Gender: male
Posts: 5
Re: Security Whitepaper
« Reply #2 on: May 21st, 2007, 1:48pm »
Quote | Modify


thank you Ivan
IP Logged
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: Security Whitepaper
« Reply #3 on: May 25th, 2007, 8:33am »
Quote | Modify

Him
 
Please let us all have a URL of your paper when you have finished so we can all benefit from it.
 
cheers
 
Pete
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
ITStudent
PeteFinnigan.com Newbie
*





   
View Profile |

Gender: male
Posts: 5
Re: Security Whitepaper
« Reply #4 on: May 25th, 2007, 8:46am »
Quote | Modify

Hi Pete,
 
I will post an URL or send you this paper but it will be written in german because I am studying on a german university.
 
 
regards
ITStudent
 
 
 
 
 
 
« Last Edit: May 25th, 2007, 8:47am by ITStudent » IP Logged
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: Security Whitepaper
« Reply #5 on: May 25th, 2007, 10:19pm »
Quote | Modify

Hi,
 
Thanks for your reply. I dont mind to post links to German papers, we have quite a few native german speakers who come here. I can read bits of German myself and of course most of the technical bits (commands, SQL etc) would be English.
 
I look forwards to seeing your efforts
 
Thanks
 
Cheers
 
Pete
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pages: 1  Reply | Notify of replies | Send Topic | Print

« Previous topic | Next topic »

Powered by YaBB 1 Gold - SP 1.4!
Forum software copyright 2000-2004 Yet another Bulletin Board