Call: +44 (0)1904 557620 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "New Presentation - Building Practical Oracle Audit Trails"] [Next entry: "Two New Oracle Security Presentations Available"]

Oracle Security Training In York



We ran a five day Oracle Security training event in York, England from September 21st to September 25th at the Holiday Inn hotel. This proved to be very successful and good fun. The event included back to back teaching by me of all of my Oracle Security classes:

1 - two day - How to perform a security audit of an Oracle database
2 - Secure Coding in PL/SQL
3 - Designing practical audit trails for the Oracle database
4 - secure and lock down Oracle

A number of people have already asked me if I will re-run this same training event again. I have decided to do just that in late January 2016 or early February 2016. This will be held in York, England at the Holiday Inn, Tadcaster Road, York. The date is not finalised yet as I have not agreed dates for the hotel meeting room but the exact dates will be released soon. This time it will be a three day event and not five days. The format will be:

Training Day 1 - First day of "how to perform a security audit of an Oracle database", 2 day class- including some elements of "secure coding in PL/SQL" focusing on the issues
Training Day 2 - Most of the Second day of "How to perform a security audit of an Oracle database" and including some elements of "secure coding in PL/SQL" - focusing on the auditing elements
Training Day 3 - Core of the second half of the "Locking down and securing Oracle" one day class and including some of the solutions elements from secure coding and also an overview and use of ATK our Audit Trail toolKit for Oracle. The day finishes with the round up from the "Locking down and securing Oracle" class and also from the "How to perform a security audit of an Oracle database"

This will provide a shorter event but will include all of the core classes of why data is insecure, why you as designers and users of Oracle make data insecure and also a complete walk through of an audit of an Oracle database and lots of structured lessons on how to secure and lock down a database, data and application. I use a web based application that uses an Oracle database as a demonstration system. I show at the start how it can be hacked and abused, how audit does not work and how code is vulnerable. We then use this system as the stooge system to audit and we also do our best to lock down and secure all of the core data breach problems in it. We also implement a comprehensive audit trail solution and even including a simple and robust home made application firewall. We show then by attacking this database again how it is locked down and also how audit is generated and how our firewall can kill some attacks.

This is a great opportunity to get this new combined 3 day class that shows comprehensively how to focus on locking down and understanding your data security.

As an attendee you will also get a great set of free tools and scripts to use in your own audits. This is approx 200 free tools and scripts written in SQL and PL/SQL. You will also receive pdfs of all of the slides and also printed books of the course materials to take away. The class also includes tea/coffee at breaks and hot buffet lunch every day. We can also arrange a discounted rate at the same hotel venue for attendees.

If you are interested then please email me at pete at petefinnigan dot com for more details and to register a place. The cost will be £1125GBP + VAT per person for the 3 days and discounts are available for multiple person bookings.