   Pete Finnigan's Oracle Security Forum
(Moderator: Pete Finnigan)
   Author  Topic: Good application for a security workshop  (Read 5038 times)
Marcel-Jan
Good application for a security workshop
« on: Dec 21st, 2010, 8:49am »

I'm working on a one-day workshop called "Hack your own database" to show DBAs why security is important, but in a different way. Not with the usual rhetoric, but by showing them they can hack their databases too and therefore should protect them.

So I'm thinking about creating a workshop environment with Oracle 10g or 11g with the usual config mistakes and some kind of application. I'd really like to have a simple application in which I could demonstrate what SQL Injection is. Of course it should look like an application and have a schema in the database. And it should be one without the effort of days of programming.
 
Any idea what would be a great (vulnerable) tool for this?
gamyers
Re: Good application for a security workshop
« Reply #1 on: Dec 23rd, 2010, 5:40am »

There's a very basic example of one here, including source code:
 
http://www.codingspace.org/2009/04/teach-me-sql-injection/
 
It is MySQL-based, so you'd need a few changes for Oracle, but nothing compared with coding up something yourself.
 
Pete Finnigan
Re: Good application for a security workshop
« Reply #2 on: Jan 6th, 2011, 11:59am »

Hi Marcel-Jan,
 
I use orablog for my training classes, which is WordPress ported to use Oracle as its database. It's an old WordPress but it's not rich in features and also is not designed to demo SQL Injection. I can however get it to error so it's not a stone's throw to get it to SQL Inject also.

Email me if you want a copy.
 
cheers
 
Pete

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Marcel-Jan
Re: Good application for a security workshop
« Reply #3 on: Jan 12th, 2011, 12:49pm »

A colleague has offered to make a very simple Java application for me that can be misused with SQL injection.
 
I've tried it and it is indeed very simple, but it works.