Call: +44 (0)7759 277220 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Two more accounts of the Chuck Rozwat 10g R2 keynote at OOW"] [Next entry: "Justin talks more about the 10g R2 keynote at OOW"]

Addendum to yesterdays auditing SQL from black box third party applications

I was thinking further about the post I made yesterday about how to audit SQL from black box third party applications. I said at the end of the post there are probably other ways to detect the SQL being sent from an application.

Well one area I did not think of yesterday and probably an area that is not of interest to the original poster on c.d.o.s is the possibility of commercial tools that can be used to grab all the SQL emitted from an application or from the other end arriving at the database (depends on where the tool is positioned). I should say that even though there are commercial tools they all do use techniques listed yesterday anyway, such as network packet sniffing.

The tools that come to mind first are Chakra from OR Solutions, Guardium SQL Guard and Entegra from Lumigent Technologies Inc. Links to all of these commercial tools are available on my tools page.