Auditing an Oracle database for security issues is very important. provides all of the information and tools that you will need Click here for details of Limited's detailed Oracle database security audit service Click here for details of Limited's Oracle Security Training Courses
There are 58 visitors online    
Cookie Policy:We only use essential cookies on small sections of this website. For details see here.

Pete Finnigan's Oracle security weblog

Home » Archives » July 2006 » Blackhat Las Vegas 2006 and unwrapping PL/SQL

[Previous entry: "Oracle's summer update fixes 65 flaws"] [Next entry: "Oracle Password Repository"]

Blackhat Las Vegas 2006 and unwrapping PL/SQL

July 24th, 2006 by Pete

The two elements of the title of this post are related. I am speaking at the Blackhat USA conference 2006 in Las Vegas next week (August 1st to August 3rd) about how to unwrap PL/SQL. The schedule gives details of all the papers and there are some good ones this year. David Litchfield as usual does not announce in advance what he is speaking about, Alex is talking about 2nd generation root kits for Oracle databases and there are couple more database talks, SQL Injection by truncation and also a talk about how to audit without killing the system. There are lots of other great security papers that are non - Oracle related.

My presentation is all about how PL/SQL is wrapped in 9i and lower and how the wrap mechanism works internally and also about the features and programs shipped by Oracle to allow reading of wrapped code. I will also present a simple proof of concept unwrapper - written of course in PL/SQL. I am also showing that Oracle always knew that PL/SQL could be unwrapped. The 10g mechanisn is also discussed along with some ideas on how to protect your source code. A little more detail is shown in the summary on the blackhat site.

July 2006

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

Weblog Home
Weblog Archives

Oracle Security Tools page
Oracle security papers
Oracle Security alerts

Web Development
SQL Server Security

Atom 0.3 FEED
Powered by gm-rss 2.0.0

Valid XHTML 1.0!