Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

Frank has a review of Bruce Schneier's book Beyond Fear

I just saw a post from Frank Nimphius on the orablogs site about his reading of Bruce Schneier's book "Beyond Fear" over the Christmas period. Frank's post is titled Security: "Beyond Fear" by Bruce Schneier.

Frank has given a good insight into security in this short review - he talks about the need to plan for security, not just to use the features of the software or language being used at the time. This is a key concept and should be obvious. You should always design security solutions based on the need to secure and what needs to be secured. I guess it's like saying - I have added a great password policy to the database and audited all of the passwords, they are all strong and now no one can break in and steal the data. But the server is not secured and anyone can get access to the file system and read the raw data files. OK, it's not a very good example but the point is that a security solution needs to be designed from the ground up, and ideally from day one of a project design, not tacked on after project completion. The book talks about threat and countermeasure, another angle that most implementers of security do not always consider.

Frank gives some great quotes from the book that he wrote down as he read it. His post again is here.