Call: +44 (0)7759 277220 Call
Forum

Welcome, Guest. Please Login.
Nov 21st, 2024, 2:32pm
News: Welcome to Pete Finnigan's Oracle security forum
Home | Help | Search | Members | Login
   Pete Finnigan's Oracle Security Forum
   Oracle Security
   Oracle Security
(Moderator: Pete Finnigan)
   Security Whitepaper
« Previous topic | Next topic »
Pages: 1  Reply | Notify of replies | Send Topic | Print
   Author  Topic: Security Whitepaper  (Read 3346 times)
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Security Whitepaper
« on: May 16th, 2007, 11:19am »
Quote | Modify

Hi @ all,
 
I am preparing to write a howto of securing Oracle Database, Oracle Application Server and Infrastructure and Oracle CMSDK (iFS). I have already read Oracle Security Guides and some Whitepapers written by Pete Finnigan and Alex Kornbrust.
 
Could someone give me a suggestion of pages and whitepapers which would be progressed, interesting and up-to-date? Information which I should not forget to bring in?
 
Thanks in advance for any Information
ITStudent
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: Security Whitepaper
« Reply #1 on: May 16th, 2007, 6:48pm »
Quote | Modify

Hi ITStudent,
 
My  list of interesting papers (in random order) is:
 
1) Search Engines Used to Attack Databases by Aaron.C Newman (http://www.appsecinc.com)
 
2) Is finding security holes a good idea? by Erik Rescorla
  http://www.computer.org/security/
 
3) SQL Injection Are Your Web Applications Vulnerable?
   Spi Dynamics
http://www.spidynamics.com/papers/SQLInjectionWhitePaper.pdf
 
4) Stopping Injection attacks with computational theory by Robert J. Hansen and Meredith L. Patterson
 
5) Oracle database 10g release 2
   Defense in deptch security
   Oracle white paper
 
6) An Asssessment of the Oracle Password Hasshing Algorithm by Joshua Wrigth and Carlos Cid
 
7) Guns and Butter: Towards Formal Axioms of Input Validation
by Robert J. Hansen and Meredith L. Patterson
 
Cool Advanced SQL injection in Oracle databases
by Esteban Martinez Fayo (Black Hat Briefings)
http:\www.argeniss.com
 
9) Simple Sql Injection
http://0-day.x128.net/simple-sql-injection.html
 
10) Detection of SQL injection and cross-site scripting attacks by K.K. Mookhey and Nilesh Burghate
 
11) Database Security: Beyond the password by George Jucan
 
12) Hackproofing Oracle Application Server by David Litchfield  NGSSoftware
 
13) Evading network based Oracle database intrusion detection systems http://www.integrigy.com/security-resources/whitepapers
 
 
14) "Oracle Database IDS Evasion Techniques for SQL*Net", Joxean Koret, http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0593.html.
 
15) "An Introduction to SQL Injection Attacks for Oracle Developers", Stephen Kost, Integrigy Corporation, http://www.integrigy.com/security-resources/whitepapers/Integrigy_Oracle _SQL_Injection_Attacks.pdf/view.
 
16) The Database Hacker's Handbook: Defending Database Servers  by David Litchfield (VERY GOOD!)
 
17) http://www.databasesecurity.com
regards,  
..
..
 
There is so much material ...
 
regards
Ivan
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: Security Whitepaper
« Reply #2 on: May 21st, 2007, 1:48pm »
Quote | Modify


thank you Ivan
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: Security Whitepaper
« Reply #3 on: May 25th, 2007, 8:33am »
Quote | Modify

Him
 
Please let us all have a URL of your paper when you have finished so we can all benefit from it.
 
cheers
 
Pete
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: Security Whitepaper
« Reply #4 on: May 25th, 2007, 8:46am »
Quote | Modify

Hi Pete,
 
I will post an URL or send you this paper but it will be written in german because I am studying on a german university.
 
 
regards
ITStudent
 
 
 
 
 
 
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: Security Whitepaper
« Reply #5 on: May 25th, 2007, 10:19pm »
Quote | Modify

Hi,
 
Thanks for your reply. I dont mind to post links to German papers, we have quite a few native german speakers who come here. I can read bits of German myself and of course most of the technical bits (commands, SQL etc) would be English.
 
I look forwards to seeing your efforts
 
Thanks
 
Cheers
 
Pete
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pages: 1  Reply | Notify of replies | Send Topic | Print

« Previous topic | Next topic »

Powered by YaBB 1 Gold - SP 1.4!
Forum software copyright © 2000-2004 Yet another Bulletin Board
  • PFCLScan PFCLScan

    Simply connect PFCLScan to your Oracle database and it will automatically discover the security issues that could make your Oracle database vulnerable to attack and to the potential loss of your data.

  • PFCL Obfuscate PFCLObfuscate

    PFCLObfuscate is the only tool available that can automatically add license controls to your PL/SQL code. PFCLObfuscate protects your Intellectual Property invested in your PL/SQL database code.

  • PFCLCode PFCLCode

    PFCLCode is a tool to allow you to analyse your PL/SQL code for many different types of security issues. PFCLCode gives you a detailed review and reports and includes a powerful colour syntax highlighting code editor

  • PFCLForensics PFCLForensics

    PFCLForensics is the only tool available to allow you to do a detailed live response of a breached Oracle database and to then go on and do a detailed forensic analysis of the data gathered.

  • Products We resell PFCLReselling

    PeteFinnigan.com Limited has partnered with a small number of relevant companies to resell their products where they enhance or compliment what we do

  • PFCLATK PFCLATK

    PFCLATK is a toolkit that allows detailed pre-defined policy driven audit trails for your Oracle database. The toolkit also provides for a centralised audit trail and centralised activity reporting

  • PFCLCookie PFCLCookie

    PFCLCookie is a useful tool to use to audit your websites for tracking cookies. Scan websites in a natural way using powerful browser driven scanner

  • PFCL Training PFCLTraining

    PFCLTraining is a set of expert training classes for you, aimed at teaching how to audit your own Oracle database, design audit trails, secure code in PL/SQL and secure and lock down your Oracle database.

  • PFCL Services PFCLServices

    Choose PFCLServices to add PeteFinnigan.com Ltd to your team for your Oracle Security needs. We are experts in performing detailed security audits, data security design work and policy creation

  • PFCLConsulting PFCLConsulting

    Choose PFCLConsulting to ask PeteFinnigan.com Limited to set up and use our products on your behalf

  • PFCLCustom PFCLCustom

    All of our software products can be customised at a number of levels. Choose this to see how our products can be part of your products and services

  • PFCLCloud PFCLCloud

    Private cloud, public cloud, hybrid cloud or no cloud. Learn how all of our services, trainings and products will work in the cloud

  • PFCLUserRights PFCLUserRights

    PFCLUserRights allows you to create a very detailed view of database users rights. The focus of the reports is to allow you to decide what privileges and accounts to keep and which to remove.

  • PFCLSTK PFCLSTK

    PFCLSTK is a toolkit application that allows you to provide database security easily to an existing database. PFCLSTK is a policy driven toolkit of PL/SQL that creates your security

  • PFCLSFTK PFCLSFTK

    PFCLSFTK is a toolkit that solves the problem of securing third party applications written in PL/SQL. It does this by creating a thin layer between the application and database and this traps SQL Injection attempts. This is a static firewall.

  • PFCLSEO PFCLSEO

    PFCLSEO is a web scanner based on the PFCLScan technology so that a user can easily scan a website for technical SEO issues