Pete Finnigan's Oracle security weblog

A paper on Sentrigo Hedgehog and Pete Finnigan webinar slides

Fri, 12 Mar 2010 14:01:36 +0000

I did two webinars this week with Sentrigo titled "The right way to Secure Oracle", these went well. The slides for the talks have been added to my Oracle Security white papers page . I have also written a short....[Read More]

Posted by Pete On 12/03/10 At 01:59 PM

Blocking Tools from using the database

Fri, 12 Mar 2010 14:01:36 +0000

I saw Charles Hoopers post titled " Why Doesn’t This Trigger Work �" No Developer Tools Allowed in the Database " via my Oracle blogs aggregator and read it with interest as its related to issues i come across with....[Read More]

Posted by Pete On 10/03/10 At 11:08 AM

Pete Finnigan Webinar on Oracle Security

Fri, 12 Mar 2010 14:01:36 +0000

It has been quite a while since my last blog post; i keep promising to post more often and even worse I have a long list of things to blog about but I don't seem to get enough time recently....[Read More]

Posted by Pete On 08/03/10 At 04:04 PM

SANS 2010 CWE/SANS Top 25 Most Dangerous Programming Errors

Fri, 12 Mar 2010 14:01:36 +0000

SANS, Mitre and a lot of security experts have just completed the top 25 most dangerous programming errors list. This is a really useful resource and anyone developing code not just against Oracle but in general should be concerned to....[Read More]

Posted by Pete On 23/02/10 At 01:42 PM

SQL Injection and Java exploits

Fri, 12 Mar 2010 14:01:36 +0000

It has been a while since my last blog post as I have been extremely busy over the last weeks and this blog post is being posted straight after finishing a customer training session using the clients internet connection (with....[Read More]

Posted by Pete On 17/02/10 At 04:01 PM

Turkey, Germany, York, Holland and the Oak Table book

Fri, 12 Mar 2010 14:01:36 +0000

I was away most of last week to teach my class How to perform a security audit of an Oracle database in Istanbul, Turkey including the travel out and back. It was a good class, very well attended and some....[Read More]

Posted by Pete On 02/02/10 At 06:37 PM

The Oracle listener password algorithm

Fri, 12 Mar 2010 14:01:36 +0000

There has been a thread on my forum for a couple of years discussing the Oracle listener password algorithm. The thread is titled " Key and algo for encrypting the listener password ". This thread discussed the issue of being....[Read More]

Posted by Pete On 01/02/10 At 07:39 PM

Two new Oracle root kits

Fri, 12 Mar 2010 14:01:36 +0000

Dennis has made two great posts about Oracle rootkits on his blog. The first is about creating a backdoor into the Oracle binaries and logon process/function by replacing the C library function kziaia() so that if the user presented is....[Read More]

Posted by Pete On 20/01/10 At 02:06 PM