Pete Finnigan's Oracle Security Weblog

I saw a post on the LogicaCMG blog - Blogging about Oracle a few days ago and made a note to talk about it here. This post is titled http://www.bloggingaboutoracle.org/archives/how-to-create-a-nice-big-security-leak - (broken link) How to create a nice big security leak… and is interesting to me for two reasons. The first is that the guys decided to try and break their own applications to test their own security. This is great, everyone should start to think about doing these sorts of tests (with permission of course). This shows that people are realising that application and database security is as inmportant as the old bastions of security such as firewalls, virus protection...

The second reason I was interested was because of the problem which these guys found. The code was written to be functional, i..e to perform a function without thinking about how it could be abused. Anyone who writes applications nowadays especially applications connected to the Intranet or Internet and even more especially if they use databases needs to think security first. Why if they use databases? - well because there is now a trend to steal data from databases, whereas the old security issues seemed to center around the fact that some spotty kid in their bedroom would dial up and hack your servers, the world has moved on, data is big business now.