Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Running Code as SYS From Another User not SYSDBA"] [Next entry: " Limited Printed Oracle Security Training Manuals for Sale"]

Oracle Security Training In York, UK, 2018

I have just updated our public training dates page to add two new dates for Oracle Security training classes that I will be running here in York, UK. We now have 4 dates covering three available classes. These are as follows:

  • 4th to 5th July 2018 (2 Days) - How to perform a security audit of an Oracle database

  • 28th August 2018 (1 Day) - Secure coding in PL/SQL

  • 29th August 2018 (1 Day) - Oracle incident response and forensics

These are the most likely the only dates I will do as public live in person teaching events in the UK this year; I am planning other classes with partners in other countries at the moment so watch out for the details of those - I will post here and on social media when they are set up. We also have quite a number of on-line dates for public training classes on both UK/EU timezones and also USA EST timezones; please again see the public training dates page.

The 2 day class in York; How to perform a security audit of an Oracle database is a very popular class and teaches attendees how and why data can become insecure in an Oracle database and walks through the complete process of performing an audit of an Oracle database; whilst also discussing how to fix and secure issues that we see.

The 1 day class in York; Secure coding in PL/SQL is an exciting look at how and why PL/SQL can become insecure and how people can attack it and gain privileges in the database or to steal data. We cover all types of attack and also all types of best practice in secure coding; the class also covers manual and automated scanning of PL/SQL for vulnerabilities and also has a special section on how to secure the actual PL/SQL itself in terms of protecting secrets or IPR (Intellectual Property) in the code itself; as well as techniques for adding license type features to PL/SQL.

The 1 day class in York; Oracle incident response and forensics is an enthralling look at how to deal with a breach in an Oracle database; this is very opportune at the moment wth GDPR just becoming law in the last week or so. One big element of GDPR is breach notification and dealing and responding to a breach. This is a one day class that starts with a look at what is a database breach and how to recognise it and then looks at planning for an incident; creating a process and team and a toolset. We then walk through suspected breach of an Oracle database and look at how to respond, how to gather artefacts and then how to analyse and do forensic analysis. We want to answer basic questions; Did a breach occur?, When did it start?, When did it end?, How did they get in?, who did they connect as? What did they see or do? and finally what could they have done with more skills?

These are great classes and places are numbered. If you would like to book a place then please see this page.