Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Webinar Recording and Laszlo's TNS hijack and downgrades Presentation"] [Next entry: "Secure External Password Store"]

Java forensics and Apps Security (twice)

I made a note of Pauls recent post to his blog titled "Java Forensics In Oracle" with an intention to mention it here but never got much time over the last few weeks to blog. This is a very interesting peice on Java forensics and highlights the big issue in Oracle databases, that is that a lot of evidence is often left when executing actions in the database, particularly actions that invlove complex features such as the Java VM embedded in the database. It is a very nice article Paul!

I also saw via Joxeans twitter that he has posted his "Oracle hackproofing Oracle financials R12" presentation from rooted conference. This is a nice presentation covering some old 11i issues and some new R12 issues.

I also bought recently the new book by Jeff Hare - "Oracle E-Business Suite Controls: Application Security Best Practices (Paperback)" which is very good and is also supposed to be the first in a series of books on E-Business Suite security and controls. I liked the book very much and read it on a couple of plane rides recently. I have also just ordered the newest version of the little ISACA Oracle database security book, some words on that when it arrives from the states.