Call: +44 (0)1904 557620 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Oracle forensics paper - part 7 and an Oracle datablock dump tool"] [Next entry: "New Year Oracle Security"]

Pete Finnigan's presentation slides available from UKOUG conference



Wow; it has been a while since my last blog post. I do seem to start blog posts in the same way recently but it has been a very busy time for me recently. I was down at UKOUG last week three times to speak in Hall 1 on the subject of Oracle security basics and then to host an Oracle security round table session that i felt went very well. Then finally I was down on the Friday to teach my two hour Oracle Security masterclass.

It was a good conference even though I was not able to spend as much time there as I would have liked. It did meet quite a lot of people though. I always find the UKOUG conference a good event for meeting people.

My two talks where I have posted up the slides are first the "Oracle Security Basics" which is based on the talk I did back in February in London. That talk was slightly longer at one hour, this one 45 minutes. I also updated the slides and added a number of new ones so its not the same paper anymore. The talk is not meant to be absolute basics but is intended to offer the experienced DBA who perhaps does not know security advice on where to look first in terms of securing an Oracle database. The talk went down well i thought, quite a few questions directly afterwards and a number of people came up to me later and discussed it.

The masterclass was held on the Friday as the last session of the day. I didn't count how many people were in the room but it was well attended, the venue people said it was the most popular of the masterclasses so if thats true, its a nice endorsement.

I had originally intended to refresh the masterclass from last year but decided on writing a complete new one; so thats what i did. In the last two years that i have done the masterclass I have taken two approaches; the first year was a brain dump of everything Oracle security that i could fit into two hours; last year I did a two hour brain dump on how to perform a security audit of an Oracle database.

This year I decided to write a new masterclass. This is a new presentation and it focusses on two areas with around 4 detailed examples. These are split into two groups, the first, how easy it is to steal data from a database and the second how easy it is to misslead youself into thinking you have secured the data when it fact you have only secured a small subset of it.

The two new sets of slides are available on my Oracle Security white papers page.