Pete Finnigan's Oracle Security Forum (http://www.petefinnigan.com/forum/yabb/YaBB.cgi)
(Message started by: Pete Finnigan on May 16th, 2007, 11:19am)

Title: Security Whitepaper
Post by Pete Finnigan on May 16th, 2007, 11:19am
Hi @ all,

I am preparing to write a howto on securing Oracle Database, Oracle Application Server and Infrastructure and Oracle CMSDK (iFS). I have already read the Oracle Security Guides and some whitepapers written by Pete Finnigan and Alex Kornbrust.

Could someone suggest pages and whitepapers which would be advanced, interesting and up to date? Information which I should not forget to bring in?

Thanks in advance for any information
ITStudent

Title: Re: Security Whitepaper
Post by Pete Finnigan on May 16th, 2007, 6:48pm
Hi ITStudent,

My list of interesting papers (in random order) is:

1) Search Engines Used to Attack Databases by Aaron C. Newman (http://www.appsecinc.com)

2) Is finding security holes a good idea? by Erik Rescorla
http://www.computer.org/security/

3) SQL Injection: Are Your Web Applications Vulnerable?
SPI Dynamics
http://www.spidynamics.com/papers/SQLInjectionWhitePaper.pdf

4) Stopping Injection attacks with computational theory by Robert J. Hansen and Meredith L. Patterson

5) Oracle Database 10g Release 2
Defense in depth security
Oracle white paper

6) An Assessment of the Oracle Password Hashing Algorithm by Joshua Wright and Carlos Cid

7) Guns and Butter: Towards Formal Axioms of Input Validation
by Robert J. Hansen and Meredith L. Patterson

8) Advanced SQL injection in Oracle databases
by Esteban Martinez Fayo (Black Hat Briefings)
http://www.argeniss.com

9) Simple SQL Injection
http://0-day.x128.net/simple-sql-injection.html

10) Detection of SQL injection and cross-site scripting attacks by K.K. Mookhey and Nilesh Burghate

11) Database Security: Beyond the password by George Jucan

12) Hackproofing Oracle Application Server by David Litchfield, NGSSoftware

13) Evading network based Oracle database intrusion detection systems http://www.integrigy.com/security-resources/whitepapers

14) "Oracle Database IDS Evasion Techniques for SQL*Net", Joxean Koret, http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0593.html.

15) "An Introduction to SQL Injection Attacks for Oracle Developers", Stephen Kost, Integrigy Corporation, http://www.integrigy.com/security-resources/whitepapers/Integrigy_Oracle_SQL_Injection_Attacks.pdf/view.

16) The Database Hacker's Handbook: Defending Database Servers by David Litchfield (VERY GOOD!)

17) http://www.databasesecurity.com
regards,  
..
..

There is so much material ...

regards
Ivan

Title: Re: Security Whitepaper
Post by Pete Finnigan on May 21st, 2007, 1:48pm

Thank you, Ivan

Title: Re: Security Whitepaper
Post by Pete Finnigan on May 25th, 2007, 8:33am
Hi,

Please let us all have a URL of your paper when you have finished so we can all benefit from it.

cheers

Pete

Title: Re: Security Whitepaper
Post by Pete Finnigan on May 25th, 2007, 8:46am
Hi Pete,

I will post a URL or send you this paper, but it will be written in German because I am studying at a German university.

regards
ITStudent

Title: Re: Security Whitepaper
Post by Pete Finnigan on May 25th, 2007, 10:19pm
Hi,

Thanks for your reply. I don't mind posting links to German papers; we have quite a few native German speakers who come here. I can read bits of German myself and of course most of the technical bits (commands, SQL etc) would be English.

I look forward to seeing your efforts

Thanks

Cheers

Pete