Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Secure Coding PL/SQL"] [Next entry: "Oracle Security WebSite Woes!"]

Oracle Security Class and software for Oracle security

I have just agreed a public class dates of my very popular "How to perform a security audit of an Oracle database" with Oracle University to be held on September 24th and 25th in Rome, Italy. The registration link with Oracle is : grin80323_1025738,p_preview:N
- Sorry the link on Oracles site breaks when embedded as a link so please cut and paste into your browser.

I have just done two successful public classes in Istanbul and Prague and have quite a number of private classes booked in over the next few months. If you would like a private class then please contact me. Also if you would like to organise a public class; many have so far, then also please contact me.

We have had great success in the last few months with our new competitive license model for our Oracle database security scanner PFCLScan. The license model as you will read is based on software installation and not the number of databases that you scan. This works well for companies using the scanner internally or if you are a consultant. The primary goal for me was to have a product that is reasonable to license and also that is useful to either use out of the box but more importantly for customers to create their own custom policies in PFCLScan that can be used to test against their own internal Oracle security standards. To this end we designed and developed the product to make it easy to create projects to scan with and also to develop your own policies to acheive easily a policy that matches your own standards. You can use our policies and checks and mix and match them into your own policies and projects. We don't encrypt the checks so you can easily modify or extend them. We also have the concept of libraries so that you can create simiilar checks once as a library and then use it and parameterise its inputs. This makes cutting and pasting unnecessary in terms of writing policies. We also support checks in many different languages and targets as well as questionaire type checks.

As I said the focus for us was to provide a rich interface that is open and very flexible to allow easy creation of your own policies to your own standards. You can of course just run ours!

We have adopted the same license model for our other product PFCLObfuscate. This is again licensed per software installation and not targets or files protected. This product can be used to protect your PL/SQL. If you write/sell/deploy applications written in PL/SQL then you should look at PFCLObfuscate to help protect the invested IPR in your PL/SQL code.

Contact us for more details or if you would like to purchase a license.