Call: +44 (0)1904 557620 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "The first Oracle 11g password cracker"] [Next entry: "Weakness in Oracles new 11g authentication protocol"]

Nice SQL Injection cheat sheet



I saw an entry on Alex's blog refering to a nice SQL Injection cheat sheet for Oracle that includes a good overview of some of the common types of syntax that can be used in SQL Injection attacks. The author admits he is new to Oracle but the list is a good first stab at it.

Also referenced in the same page is a link to a more complete SQL Injection reference for other databases including MySQL, MS SQL Server PostGreSQL and of course Oracle. This paper is titled "SQL Injection Cheat Sheet" and is an excellent reference to the types of SQL injection available.