Call: +44 (0)7759 277220 Call
PeteFinnigan.com Limited Products, Services, Training and Information
Training
Home/Training

Secure Coding in PL/SQL Training Course in York, UK February 2026

Secure coding in plsql training

Course Description

This course is a one day class on-line that teaches the delegates about the common security issues often located in PL/SQL code and created by developers without an experience of database security.

The course first places PL/SQL into the context of the problem of securing data and then looks at all of the common types of issues that make PL/SQL code vulnerable. Each type of PL/SQL coding issue is demonstrated so that the delegates can appreciate what vulnerable code looks like and then sample exploitations are demonstrated to show how the code is actually exploited by an attacker.

Then for each example the code is re-written to show how it can be made secure. Common issues include SQL and PL/SQL injection and design issues that allow this to happen.

The course also includes a look at other issues such as encryption, leakage of critical data, dangerous functions and use of incorrect privileges. The class also considers how to protect your PL/SQL code to make it harder for an attacker to steal or run code out of context.

Location And When

Secure coding in plsql training


The secure coding in PL/SQL class is being held in the historic Roman and Viking city of York in our offices at Tower Court, 3 Oakdale Road, York, YO30 4XL. The venue is easy to find on the north side of York close the ring road and not far from the city center and detailed maps and joining instructions will be provided before the event.

York is a very historic and interesting city and we hope to show any of the delegates [those who are interested of course] around the city during the evening of one of the days training with a round the city walk and some historical facts. There are lots of interesting sites, buildings, large gothic churches, railways, roman ruins, roman walls....

Three days of classes will be held in February 2026. The class dates are as follows:

Date Training Class
Monday 23rd February 2026 Secure coding in PL/SQL

Course Goals

The aim of the course is for the students to get an appreciation of how insecure PL/SQL coding can allow an attacker to steal data or abuse privilege.

Price And What's Included

This is a unique 1 day class held in York and is just £450 GBP per person + UK VAT; The following benefits are provided:

  • Free 30 day engagement license for PFCLCode
  • PDFs of all of the course slides and notes – There are over 250 pages / slides and notes
  • Free SQL, PL/SQL tools and scripts – All of the scripts used in demos are included and demonstrated. There are approximately 100 free tools which took hundreds of hours to develop and test. These tools are used by us in our work and are not toys or demos.
  • The course also includes tea / coffee during the breaks
  • Lunch is provided each day
  • We also provide a printed certificate for each attendee of the class

Course Pre-Requisites

The delegates must have a good working knowledge of PL/SQL ideally as a Developer or DBA to appreciate the content.

The class is intended for developers DBAs and who can write PL/SQL and is of an intermediate level when vulnerabilities are explained but a developer who can write PL/SQL can understand the secure coding practices.

Course Outline

The course outline is as follows:
  • Data Theft
    • This lesson covers why data can be stolen or privilege escalated in a database focusing on issues related to privileges assigned to PL/SQL, bad programming practices and leakage of data.
    • This section is an overview to allow the student to see how PL/SQL fits into the security model intended to protect Data
  • Permissions
    • We cover permissions of packages and procedures
    • Design decisions that affect security
    • PL/SQL used as part of a security solution such as VPD or encryption
  • Coding Errors
    • This section introduces common PL/SQL Security programming issues and for each shows the issue in code form and exploitation and then also in terms of secure coding and solution. These include:
      • Input validation
      • Object validation
      • Open interfaces
      • SQL and PL/SQL and Other Injection issues
      • File and external access
      • Operating system commands
      • Vulnerable and dangerous package use
      • More...
  • Dynamic SQL best practices
  • Encryption
    • Discusses encryption in the database and show examples of weakness in code design, encryption keys and more
    • Also highlights methods attackers can use to steal encrypted data or decrypt it in situ
  • Protecting PL/SQL
    • This section discusses techniques to lock down PL/SQL in terms of
      • Preventing IPR loss
      • Prevent unauthorised execution both in the host database or if the code is removed
      • License type features
      • Wrapping and unwrapping
  • Conclusions
    • Scanning software
    • Policy creation
    • Next steps

Course Instructor

The course is delivered by Pete Finnigan, a principal consultant with years of real world experience in auditing and securing and hardening customers Oracle databases. Pete is also well known for writing and presenting extensively in the area of Oracle security including the SANS Step-by-Step guidebook. The course includes the slides and delegate notes and is delivered on customers sites.

The Training Class Cost

The seminar cost is £450 GBP per person for the one day class. As the class is taught in the UK there is also UK VAT @20% to add to the training fees.

To secure your place at this public training events then please register by emailing training in the first instance and we will be happy to help you secure your place.

Registration

Registration is easy; Register and secure your place simply by emailing training.

All fees must be paid in advance. You will be sent an invoice that must be paid before the training takes place. Payment can be made by bank transfer (BACS wire transfer) or by credit card via PayPal - If PayPal card payment is required you do not need a PayPal account; we will send you a PayPal link to allow you to pay by credit card (note: we need to add a small fee to cover the card costs to us).

Would You Like This Class At A Different Location, Like to Partner?

Please email pete@petefinnigan.com to book this training course on your site or to book a place on a public training event. Also contact us to discuss your individual requirements or to discuss partnering with PeteFinnigan.com Limited. We will be pleased to hear from you.