Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "More on Oracle hacking techniques"] [Next entry: "New paper: Cursor injection - attacking Oracle with just CREATE SESSION"]

11i Security papers available

I got an email from someone (Sorry I am writing this without access to my email and I cannot remember the persons name) who sent me a link to the - (broken link) Oracle applications user group (OAUG) insight fall 2006 paper. I have been a fan of them for a while as besides being well into Oracle database security I have also spent quite a lot of time in the last few years getting up to speed with Oracle E-Business Suite (Oracle Applications) security.

The paper includes a section titled "30-Minute release 11i security: Keeping the bad guys away" - by Randy Giefer. The article is excellent and does a good job of overviewing the security settings of E-Business Suite. An interestimng angle of the paper is the fact that the author targets the fact that most security is built for expernal attack prevention but the FBI has published that 80% of attacks are done by insiders. This is one reason that security must work for all attack possibilities, internal or external.