Call: +44 (0)7759 277220 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Amis Conference June 2nd and 3rd"] [Next entry: "Oracle Security Expert Seminar"]

5 Days Expert Oracle Security Training In Paris - 20th June 2016



I will be teaching 5 days on my Oracle security classes in Paris from 20th June to 24th June with Oracle University at their offices and training suite.

Details of the Oracle Security Event and how to register on Oracles website


The whole week is expert class room based training taught by myself and including a large number of live demos. This is a rare chance to sit down and have 5 days training in one go. I do not do these whole week blocks often so please take the opportunity to register with Oracle and come along. The five days include:

2 days - How to perform a security audit of an Oracle database
1 day - secure coding in PL/SQL
1 day - designing practical audit trails in the database
1 day - locking down and protecting Oracle.

The whole week is structured and we start off by looking at why your databases may have been designed and implemented insecurely. We use the vehicle of a security audit to walk us through the how and why and because it is a security audit we are also covering data access issues, least privilege, user designs, hardening and patching and more. We then have one day on secure coding. Even if you do not code then this day is very valuable as it shows you why and how PL/SQL can become insecure so you can use this information as part of an audit, as a manager to advise others or as a developer to code better. The fourth day is all about audit trails, firewalls and intrusion detection. We cover the whole process of designing and exploring audit trails in the database and as with coding these ideas and designs have benefits not matter what your specific job role is. The final day is the most exciting as we take all of the knowledge learned over the previous four days and use my sample database with two applications as a target to secure. We start by hacking the applications and database and show how and why it is insecure. We then lock down and secure the database including all elements of hardening of the OS, the network and database. We also look in depth to secure all accounts in the database and strive towards least privilege as well as changing the design of the database applications and we also explore context based security and breakglass and at the end of the day we look at the now severely locked down database and try and hack it again and assess the results. As part of the lock down we also bring in audit trail design and implement a comprehensive audit trail and also look at simple ways to solve secure coding issues.

As part of the class attendance you will get from me hundreds of free tools and scripts that includes thousands of lines of code.

To register and get more details please click this link