How to perform a security audit of an Oracle Database - Training Course [ 2 Days ]
This course teaches the delegates how to confidently perform a detailed security audit of an Oracle database. The course starts by looking at the reasons why Oracle databases are invariably insecure. This is due in part to the way Oracle works (i.e. data security is not just about setting privileges on tables). The database leaks data due to the way we design applications and this is explored in detail. The focus of the class is to appreciate where data is, what our trie task is and then how to be confident that we cover the whole arena of issues.
The course shows how a security audit is planned, how to prepare yourself for the audit, how to involve your staff and which environments are affected and should be audited. The course walks through an audit of a sample Oracle database and its applications and presents many tools, years of experience and also notes from the trenches.
“Instructors knowledge and experience beyond question! Excellent course.”
-- S.K, Large Power Supplier, UK
The course is aimed at the fundamentals of how to review a database and why and does not focus on simply running tools. It is important to understand why something is an issue, to understand how to check that its an issue and importantly understand the implications in respect to your own databases and applications before using pre-built or commercial tools.
The course includes a complete simulated audit by running through step-by-step all of the steps and components of an Oracle database audit via the medium of slides but importantly using a sample Oracle database and fully functioning content management application as a basis for the audit. Each area of the Oracle security audit is demonstrated and explained in detail.
“The course was to the point, dealt with security auditing specifically. Extremely knowledgeable and pragmatic.”
“It was a great oppertunity to learn directly from Pete”
-- C.N, Large Motor Manuf, USA
Oracle Security Audit Course Outline
The course has been designed by Pete Finnigan and is up to date using all supported versions of Oracle from 11gR2 through Oracle 12cR1. The course can be run on your own site and is over two days and includes the following topics:
- Background to key database files, structures, configurations and files relative to security
- Oracle security tools, checklists and more
- Why audit an Oracle database
- Exploiting Oracle, SQL Injection, configuration, escalation of privilege and more
- Planning an audit
- Setting up for an audit, gathering tools, prepping laptop, people, access
- Starting the audit
- Software installed, versions and attack surface
- Enumerating users, password strength and more
- Assessing users, privileges and RBAC
- Auditing the Oracle database association with the file system
- Audit Oracle networking
- Audit the database configuration
- Specialist considerations, Credit cards, personally identifiable data and more
- Review the audit trail
- Data analysis, vulnerability assessment
- Document findings, develop a policy and deciding what to fix
- A look at some of the automated tools
“Thany you very much!”
“Excellent presentation, vast knowledge on the subject”
-- P.P, Consulting Company, Finland
Course Price Structure
This course is offered at a fixed base price with an additional small fee per student. Ask us for more details by emailing firstname.lastname@example.org.
Download a PDF Flyer
Download a 2 page pdf flyer that describes the course details. 2 Page flyer - How to Perform a Security Audit Course Flyer