Call: +44 (0)7759 277220 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Public Demonstration of PFCLScan in Edinburgh Thursday May 13th"] [Next entry: "New Public Oracle Security Training Class Dates announced"]

New Oracle Security presentation available

I was in Holland the week before last on June 2nd, to speak at the Logica Guro4Pro event at their offices close to Den Haag. This was a nice event with some really great questions and discussions during my talk and also afterwards. My presentation was really about two things, 1) how easy it is in reality to steal data and 2) what is the correct methodology to use to protect your data.

The presentation included 7 demos, some of which going on for up to 15 - 20 minutes. I wanted to demonstrate how exploits work but also how easy it is to steal data realistically or maybe more aptly described as opertunistically. I then showed how to find the true access paths to the data and then showed some stealth attacks against the database. These were based around avoiding audit, hiding your presence and also spoofing. The presentation went down very well indeed and it was fun to do demos that in general worked well!

The slides are available on my Oracle Security white papers page.