[Previous entry: "Transparent Data Encryption (TDE) certified for Apps 11i"] [Next entry: "Download some free chapters from the Oracle Hackers Handbook"]
Oracle Hackers Handbook
January 30th, 2007 by Pete
Post to del.icio.us
Post to Furl
I just received a preview copy of the new book by David Litchfield, "Oracle Hackers Handbook" - ISBN 978-0-470-08022-1. I have skimmed through all pages and now I will start and read it cover to cover. It is a good book and one that should be on the shelf of anyone interested in how hackers can break the security of an Oracle database. Its a short book, some 140 pages of content not including the appendix of default passwords and also not including first chapter which is a primer on Oracle architecture. The book includes details on the Oracle network architecture. David talked about an aspect of this recently in a full disclosure post and I talked about this here in a post "Stealing Oracle passwords from the wire". He goes on to cover attacking the listener, the dispatcher, the authentication process and a lot of detail around PL/SQL, unwrapping, SQL Injection, privileges, triggers, indirect privilege escalation,defeating VPD, Oracle web apps, how to run OS commands, the file system and attacking the network.
This is a good book and anyone serious about securing their Oracle databases should read it.
