Auditing an Oracle database for security issues is very important. provides all of the information and tools that you will need Click here for details of Limited's detailed Oracle database security audit service Click here for details of Limited's Oracle Security Training Courses
There are 53 visitors online    
Cookie Policy:We only use essential cookies on small sections of this website. For details see here.

Pete Finnigan's Oracle security weblog

Home » Archives » October 2007 » A new SQL Injection protection PL/SQL package

[Previous entry: "David Litchfield has started a new blog"] [Next entry: "New presentation on Database Vault faults"]

A new SQL Injection protection PL/SQL package

October 29th, 2007 by Pete

I saw a post on my Oracle security forum by Gary titled Steven F's SQLguard - sql injection prevention pkg that announces that Steven Feuerstein has created a PL/SQL package called sql_guard that he is calling SQL Guard that aims at developers to help them prevent SQL Injection attacks from being successful on the said developers deployed code.

This sounds very interesting and I for one have dropped Steven an email to ask for a copy for testing to see how well it works and whether its going to be of value to developers. Without seeing it its hard to comment more now, but I will comment more here if Steven does let me have a copy to test.

There has been 2 Comments posted on this article

October 30th, 2007 at 04:21 pm

Steven Feuerstein says:

Hi Pete,

I am so glad you saw that posting and of course I very much want you to look at it!

I will be writing some documentation on SQL Guard (which is not yet completed, but an early version is ready for some initial review) and then I will let all who have expressed interest to know about it.

Regards, SF

October 31st, 2007 at 08:43 am

Pete says:

Hi Steven,

Thanks very much for your comment and also your earlier email. I am looking forwards to seeing your package and testing it.



October 2007

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

Weblog Home
Weblog Archives

Oracle Security Tools page
Oracle security papers
Oracle Security alerts

Web Development
SQL Server Security

Atom 0.3 FEED
Powered by gm-rss 2.0.0

Valid XHTML 1.0!