|
||
|
Title: Security Whitepaper Post by Pete Finnigan on May 16th, 2007, 11:19am Hi @ all, I am preparing to write a howto of securing Oracle Database, Oracle Application Server and Infrastructure and Oracle CMSDK (iFS). I have already read Oracle Security Guides and some Whitepapers written by Pete Finnigan and Alex Kornbrust. Could someone give me a suggestion of pages and whitepapers which would be progressed, interesting and up-to-date? Information which I should not forget to bring in? Thanks in advance for any Information ITStudent |
||
|
Title: Re: Security Whitepaper Post by Pete Finnigan on May 16th, 2007, 6:48pm Hi ITStudent, My list of interesting papers (in random order) is: 1) Search Engines Used to Attack Databases by Aaron.C Newman (http://www.appsecinc.com) 2) Is finding security holes a good idea? by Erik Rescorla http://www.computer.org/security/ 3) SQL Injection Are Your Web Applications Vulnerable? Spi Dynamics http://www.spidynamics.com/papers/SQLInjectionWhitePaper.pdf 4) Stopping Injection attacks with computational theory by Robert J. Hansen and Meredith L. Patterson 5) Oracle database 10g release 2 Defense in deptch security Oracle white paper 6) An Asssessment of the Oracle Password Hasshing Algorithm by Joshua Wrigth and Carlos Cid 7) Guns and Butter: Towards Formal Axioms of Input Validation by Robert J. Hansen and Meredith L. Patterson 8) Advanced SQL injection in Oracle databases by Esteban Martinez Fayo (Black Hat Briefings) http:\\www.argeniss.com 9) Simple Sql Injection http://0-day.x128.net/simple-sql-injection.html 10) Detection of SQL injection and cross-site scripting attacks by K.K. Mookhey and Nilesh Burghate 11) Database Security: Beyond the password by George Jucan 12) Hackproofing Oracle Application Server by David Litchfield NGSSoftware 13) Evading network based Oracle database intrusion detection systems http://www.integrigy.com/security-resources/whitepapers 14) "Oracle Database IDS Evasion Techniques for SQL*Net", Joxean Koret, http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0593.html. 15) "An Introduction to SQL Injection Attacks for Oracle Developers", Stephen Kost, Integrigy Corporation, http://www.integrigy.com/security-resources/whitepapers/Integrigy_Oracle_SQL_Injection_Attacks.pdf/view. 16) The Database Hacker's Handbook: Defending Database Servers by David Litchfield (VERY GOOD!) 17) http://www.databasesecurity.com regards, .. .. There is so much material ... regards Ivan |
||
|
Title: Re: Security Whitepaper Post by Pete Finnigan on May 21st, 2007, 1:48pm thank you Ivan |
||
|
Title: Re: Security Whitepaper Post by Pete Finnigan on May 25th, 2007, 8:33am Him Please let us all have a URL of your paper when you have finished so we can all benefit from it. cheers Pete |
||
|
Title: Re: Security Whitepaper Post by Pete Finnigan on May 25th, 2007, 8:46am Hi Pete, I will post an URL or send you this paper but it will be written in german because I am studying on a german university. regards ITStudent |
||
|
Title: Re: Security Whitepaper Post by Pete Finnigan on May 25th, 2007, 10:19pm Hi, Thanks for your reply. I dont mind to post links to German papers, we have quite a few native german speakers who come here. I can read bits of German myself and of course most of the technical bits (commands, SQL etc) would be English. I look forwards to seeing your efforts Thanks Cheers Pete |
||
|
Powered by YaBB 1 Gold - SP 1.4! Forum software copyright © 2000-2004 Yet another Bulletin Board |