Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Oracle Updates Leave Critical Windows Flaw"] [Next entry: "Analysis of April 2007 CPU"]

Analysis: Automated Code Scanners: False Sense of Security?

Analysis: Automated Code Scanners: False Sense of Security?

"Remember when attackers were just out for fame and glory, and application security was someone else's problem? Big targets like Microsoft and Oracle drew the fire. All enterprise IT had to do was apply patches regularly and keep a properly configured firewall.

Those days are gone. Cracking corporate networks is no longer a kid's game, it's a lucrative criminal growth industry. The attackers who stole 45.6 million credit- and debit-card numbers from TJX Companies were professional enough to remain undetected for at least 10 months. Meanwhile, major software vendors, including Microsoft, have improved their security practices, which puts niche and in-house-developed software and Web applications squarely in the bad guys' sights."

Quite a nice paper