Call: +44 (0)7759 277220 Call
Training
Home/Training

Oracle Security Training Course in York, UK 2025

Oracle security training

Are you responsible for the data held and processed in Oracle databases? If you are it must worry you that the database can be breached or the data can be changed or stolen.

Reduce the stress and worry!

Learn how to assess the security of your valuable data held and processed in an Oracle Database and how to then secure that data. This 3 day course is the best resource to help you secure your Oracle databases. The class is taught by Pete Finnigan, an expert in securing data in Oracle databases for more than 21 years; an Oracle ACE Pro and a member of the OakTable and SYM 42 groups.

The class is fast paced, interesting and covers the problem and process cradle to grave of securing Oracle. We start by showing how it is possible to hack an Oracle database from multiple vantage points; as an end user of an application, as a developer or power user of the database and as a DBA. Then we go on to set the scene for the whole class structure before looking at how Oracle works and how data can leak. We follow on with a more detailed look at examples of individual problems that can cause security leaks.

Once we have a good grounding of the architecture of Oracle and how data can leak naturally, how we as customers design and implement weak security then we are in a position to decide how to secure the data. We discuss planning how to secure all databases and then how to review a sample database to see what we have now in terms of security. Then we are in a position to see what is good, what is bad and how to design and secure all databases across your organisation.

We then start to review each area of the database discussing how to see what works and what doesn't and also covering solutions to each problem as we progress. We cover many areas from authentication, authorisation, users passwords, roles, profiles and much more. We cover the OS, the network, the core database and all facets of securing it as well as diving into specific data security examples such as credit card storage. We cover audit trails, firewall's, intrusion detection as well as a look at the additional layers of security that Oracle offers such as Database Vault, VPD, TSDP, Encryption and more.

The class finishes with look at how to act and respond and investigate if your database is breached. We cover how to create policies and plans for securing all Oracle databases and finish with a walk through of some free tools to help with the who process

Cloud or NOT Cloud

What we show is that it does not matter if your database is in the cloud or not in the cloud. The risks and issues to the security of the data are the same. Yes, the cloud infrastructure might be better in terms of security than your in house set up BUT if the design and implementation of your database and application is not secure on premise then moving to the cloud does not magically make it secure. Everything in this class applies to cloud or not cloud.

The class is interspersed with lots of real life experience in the area of Oracle security by one of the few people who performs detailed security audits of Oracle databases worldwide. Lots of anecdotes, wisdom and real life!

Location And When

Oracle security training


The Oracle Security seminar is being held in the historic Roman and Viking city of York in our offices at Tower Court, 3 Oakdale Road, York, YO30 4XL. The venue is easy to find on the north side of York close the ring road and not far from the city center and detailed maps and joining instructions will be provided before the event.

York is a very historic and interesting city and we hope to show any of the delegates [those who are interested of course] around the city during the evening of one of the days training with a round the city walk and some historical facts. There are lots of interesting sites, buildings, large gothic churches, railways, roman ruins, roman walls....

Three days of classes will be held in February 2025. The class dates are as follows:

Date Training Class
Tuesday 21st January 2025 How to secure an Oracle Database - day 1
Wednesday 22nd January 2025 How to secure an Oracle Database - day 2
Thursday 23rd January 2025 How to secure an Oracle Database - day 3

Come and learn about the securing your own precious data in a beautiful and historic Roman and Viking city. A city in fact with three names; the Romans called it Eboracum, the Vikings called it Jorvik and we now call it York.

Who is it for

The training use useful to almost anyone who is involved with Oracle databases and cares that the data they are responsible for is not stolen. Here is a brief list of some of the job types that will benefit from this training and why.

  • DBA: If you administer the databases then you are responsible for the security settings and changes
  • System Architect or designer: If you design Oracle systems that include the database you should be aware of how to secure them.
  • Security personnel (internal or external): Security teams whether internal or external should not consider the Oracle database a sealed unit or box and should be aware of the security issues with the database and how to resolve them.
  • Security Auditors: External audit companies who focus on auditing customer systems tend to skim lightly over Oracle databases as its a complex area to consider. They can benefit from a much deeper knowledge of securing data in Oracle databases
  • Database Application and software developers:
  • Developers: If you develop software for an Oracle database in PL/SQL or Apex and PL/SQL or forms, ADF, Java, C, VB or more then you should consider the overall picture of how securing data in an Oracle database works
  • Managers: Even if you are not technical or deeply technical BUT you manage teams of technical staff working on Oracle databases or including Oracle databases then you should be aware of the security risks with Oracle designs and methods to prevent those risks

The type of person who will benefit is not limited to the list above. If you use Oracle databases or are involved with Oracle databases and even if security is not your primary role; this class is for you. Even if you use a different database such as MS SQL or mySQL or Postgres then a lot can still be learned that you can apply to your database of choice

Price And What's Included

This is a unique 3 day class held in York; The following benefits are provided:

  • Free 30 day engagement license for both PFCLScan and PFCLForensics
  • PDFs of all of the course slides and notes – There are over 650 pages / slides and notes
  • Free SQL, PL/SQL tools and scripts – All of the scripts used in demos are included and demonstrated. There are approximately 150 free tools which took hundreds of hours to develop and test. These tools are used by us in our work and are not toys.
  • The course also includes tea / coffee during the breaks
  • Lunch is provided each day
  • We also provide a printed certificate for each attendee of the class

You must make your own travel and accommodation arrangements – more details are provided in the joining instructions or by contacting us. Any assistance needed with bookings can be provided but travel and accommodation must be booked by the delegate.


Prior knowledge needed

The attendee should have some knowledge of the Oracle database but whilst there is a lot of targeted and designed material the things we look at in an Oracle database are not complex. Provided you have some basic knowledge you will be fine

Agenda

This section show a high level view of the 3 day course agenda:

  • Getting Started
    • Opening gambit – demonstrate hacking Oracle
    • Introduction to Oracle security
      • Overview of the current key issues
      • First principals
    • Test environment
    • Oracle structure with a security slant
      • Database logical structure
      • Database physical structure
      • Key components
      • Basic tools
      • SQL and PL/SQL
  • Why data is not secure
    • Background to Oracle Security
      • Information
      • Tools
      • Checklists
    • Why perform a security audit on an Oracle database?
      • Internal threats
      • Power users
      • DBA's
      • Bugs
    • Exploits and attack vectors
      • Configuration
      • SQL Injection
      • Data theft
  • Planning what and how to secure data
    • Planning an audit
      • Environment
      • Tools
      • Planning
      • Expected results
    • Preparing for an audit
      • Gathering tools
      • Preparing
      • Keep it neutral
    • Starting the audit
      • Organising connections
      • Understand the architecture
  • Gather details of the current setup and secure users
    • Interview key staff
      • Backups, Resilience
      • Access methods
    • Base data
      • Versions, Patches, Software installed
    • Audit users
      • Enumeration, Password strength
      • Oracle 23 additions
      • Profiles, Network and password protection
    • Context
      • Oracle cost options and third party
      • Create your own solutions
  • Review and secure the operating system and networking
    • Review and audit the operating system
      • Looking for passwords
      • Data leakage
      • Configuration
      • Permissions
    • Review the Oracle networking
      • Passwords
      • Listener configuration
      • Permissions
      • Logging
    • Firewall's and protection and detection
  • Secure the database
    • Review the database configuration
      • Roles
      • Profiles
      • Resources
      • Permissions on objects
      • Code
      • Privileges
      • Parameters
    • Changes in 23c for permissions and roles
    • Third party security
    • Oracle security cost options
  • Protect special data, auditing and forensics
    • Review critical data
      • Reviewing critical data
      • Credit Cards
      • Problems with special data
    • Review audit trails
      • Oracle audit facilities
      • Audit the audit trails
      • Audit configuration
      • Audit data storage
      • Logins – failed and successful
      • Listener logs
    • Forensics
      • Review of managing a data breach
  • Wrapping up, automation and policy
    • Analyse the data found
    • Risk assessment
    • Identify vulnerabilities
    • Document the audit
    • Correction strategy
    • Longer term and policies
    • Automate the process
      • Tools
      • Monitoring
    • Conclusions

The Training Class Cost

The seminar cost is £1345 GBP per person for the three day class. As the class is taught in the UK there is also UK VAT @20% to add to the training fees.

To secure your place at any of these public training events then please register by emailing training in the first instance and we will be happy to help you secure your place.

Places are going to be limited to keep the classes as intimate as possible so do not delay in booking your place

Registration

Registration is easy; Register and secure your place simply by emailing training.

All fees must be paid in advance. You will be sent an invoice that must be paid before the training takes place. Payment can be made by bank transfer (BACS wire transfer) or by credit card via PayPal - If PayPal card payment is required you do not need a PayPal account; we will send you a PayPal link to allow you to pay by credit card (note: we need to add a small fee to cover the card costs to us).

Would You Like This Class At A Different Location, Like to Partner?

Please email training@petefinnigan.com to book this training course on your site or to book a place on a public training event. Also contact us to discuss your individual requirements or to discuss partnering with PeteFinnigan.com Limited. We will be pleased to hear from you.