My first session is called Fuzzing PL/SQL and is overviewed here from my submission:
Traditionally, developers may review PL/SQL code by hand or by using free or commercial tools to parse the code looking for potential exploits.
In this talk we take a different approach. We attack the PL/SQL packages and procedures just as an attacker would.
I will explain what fuzzing is and how it can be used on PL/SQL and also do some live demos to show how errors may be generated and what that means for security of the PL/SQL.
Of course, we will take some of the fuzzing to the limit and exploit the code. What does that mean? If we exploit the code successfully, then maybe an error is not generated.
I will discuss the limits of this type of code testing and what they mean.
Fuzzing is another string to your bow of securing PL/SQL.
The second talk is called "A Design Pattern to Secure Data in Your Database" and is overviewed here from my submission:
I have been advising and teaching people to use a simple design pattern to secure something critical in the database, such as a system privilege like ALTER USER or an external resource such as a file system, or to secure your most important data.
We can use standard features of the database, some security, some not strictly security.
We can use a simple design pattern that isolates the thing we want to secure and then build layers of security around that.
Sounds intriguing?
I will walk through a complete example to show how a particular set of data can be secured from tampering and change while allowing only the access you wish.
The method can be tweaked and changed to your desires and can be used on any type of database: ADB, cloud, on-premise, EE, SE, etc.
Hope to see you all there this year!
#oracleace #sym_42 #UKOUGDiscover25 #UKOUG #conference #community #oracle #database security