Call: +44 (0)1904 557620 Call

Web Links

This page brings together some of the URL's that I use regularly to find out security information and particularly information about Oracle security, programming and internals. The page is broken into some logical sections to highlight different areas of interest.

Oracle information web sites

This is a list of some of the web sites that I visit that display "good" Oracle information, either security, tuning, internals products, services and so on.

Link Description This is the main web site for Oracle corporation in the US.
  New York based Application Security Inc's web site. Aaron Newman is one of the founders and the co-author of the "Oracle Security Handbook". Application Security Inc provide a few Oracle white papers and presentations on their site along with some Oracle tools. The site also includes seperate HTML pages for each vulnerability tested for by App Sec tools. This is a good resource for anyone interested in Oracle security. Excellent Oracle knowledge and information site. There are many scripts and papers available and a good mailing list. Excellent Oracle web site. There are many many resources on this site and it is a good starting point for any Oracle query or question.
Link no longer works Ixora's web site has excellent resources mainly dedicated to Oracle tuning. The site is run by Steve Adams company and is based in Australia. The site is included here because of the inclusion of an excellent search engine and also that Steve includes some good Oracle internals details. This is the web site of the well known Oracle consultant and author Jonathan Lewis. His site contains the Ora Faq and lots of good Oracle information.

Security Web sites

General security web sites, useful for security and hacker news, bug and vulnerability alerts.

Link Description SANS (System Administration, Networking and Security) Institute is a research and education oragnisation that encourages cooperation amongst security, network and system administrators to share lessons learned and to reach consensus on techniques used. Security focus hosts many security discussion forums and provides one of the largest sources of security information to the public. UK CERT (Computer Emergency Response Team) provides vendor neutral advice on security.

Security news Web sites

Web sites that publish security news on a regular basis.

Link Description Excellent news web site for the IT industry that covers security issues well.

Non security Oracle sites

The following are a set of websites that specialise in Oracle but not security as such. I often find myself looking at all Oracle based tools even if they are not related to security. Some tools are useful to help in analysing a database such as tools to query the object heirarchy. Some tools on the otherhand are handy to extract information about the layout of a database and to even generate rebuild, recreate or DDL scripts.

Watch this space for links to useful Oracle tools that can help you understand the structure and layout of your database.

Link Description
link no longer works: TOYS (Tool for Organising Your Schemas This is an excellent tool that allows you to manage your schema details. The tool can be used to capture schemas from more than one database and then from those schemas generate DDL to recreate the schema and also to compare two schemas. The tool is very fast and enjoys a lot of configuration options. The key to the success of this tool is the ability to compare a working production database for instance with a reference database and to generate DDL to alter the production database structure without loss of data so that it matches the reference database.
TOYS is in Beta test but seems solid and fast. A free time limited download is available. The web site contains a useful FAQ and comprehensive help is available with the software.
From a security perspective this tool is excellent for quickly capturing a schema definition including grants to be able to get a good picture of the structure off line. TOYS also offers a good online point and click interface to browse the captured schema data.