Definition of Oracle
What is Oracle?
Oracle is the world's largest database and application development software vendor, founded in 1977 by Larry Ellison. The Oracle database was the first DBMS to incorporate the SQL language and to be ported to a wide variety of platforms.
Oracle
SQL Injection and Oracle, Part One
SQL injection techniques are an increasingly dangerous threat to the security of information stored upon Oracle Databases. These techniques are being discussed with greater regularity on security mailing lists, forums, and at conferences. There have been many good papers written about SQL Injection and a few about the security of Oracle databases and software but not many that focus on SQL injection and Oracle software. This is the first article in a two-part series that will examine SQL injection attacks against Oracle databases. The objective of this series is to introduce Oracle users to some of the dangers of SQL injection and to suggest some simple ways of protecting against these types of attack.
SQL Injection and Oracle, Part Two
This is the second part of a two-part article that will examine SQL injection attacks against Oracle databases. The first installment offered an overview of SQL injection and looked at how Oracle database applications are vulnerable to this attack, and looked at some examples. This segment will look at enumerating the privileges, detecting SQL injection attacks, and protecting against SQL injection.
An Introduction to SQL Injection Attacks for Oracle Developers
Most application developers underestimate the risk of SQL injection attacks against web applications that use Oracle as the back-end database. This paper is intended for application developers, database administrators, and application auditors to highlight the risk of SQL injection attacks and demonstrate why web applications may be vulnerable.
A Simple Oracle Host-Based Scanner
As with any large software package, the default installation of Oracle does not provide for the most secure system out of the box. Indeed, some aspects of the default installation are remarkably insecure. There is a high dependency on the database administrator (dba) to ensure that the system is correctly configured, thereby avoiding some of these issues.
Introduction to Simple Oracle Auditing
This article will introduce the reader to the basics of auditing an Oracle database. Oracle's RDBMS is a functionally rich product and there are a number of auditing alternatives available to the reader. Because auditing Oracle is such a huge subject, doing all of it justice would take an entire book, so this paper will cover the basics of why, when and how to conduct an audit. It will also use a couple of good example cases to illustrate how useful Oracle audit can be to an organization.
Oracle Row Level Security: Part 1
In this short paper I want to explore the rather interesting row level security feature added to Oracle 8i and above, starting with version 8.1.5. This functionality has been described as fine grained access control or row level security or virtual private databases but they all essentially mean the same thing. We will come back to this shortly but before we do that let's get to what this paper is about. This paper is meant as an overview; a taster in fact of what row level security can be used for and how it can be used, with some simple examples to illustrate. I want to also discuss some of the issues with row level security. Finally, I also want to show how to view what row level security components have been implemented in the database and also touch on how to view how the actual database queries are altered by the row level security functionality in the Oracle optimizer.
Oracle Row Level Security: Part 2
In part one of this short article series we looked at some of the advantages of Oracle's row level security, what it can be used for, and looked at a simple example of how it works. We'll conclude this series by testing the policies that have been set up, demonstrate a few of the data dictionary views that allow for management and monitoring, cover some other issues and features, and then see if the data can be viewed by hackers or malicious users through the use of trace files.
Conducting a Security Audit of an Oracle Database
This paper has been written from the perspective of an external, independent auditor with the task of conducting a security audit on a system based around an Oracle database. The methodology presented in the Federal Information System Controls Audit Manual is described as a foundation for conducting the audit. Specific security issues related to Oracle databases are discussed based on the methodology. The focus of the paper is on auditing access controls to Oracle databases. What should the auditor evaluate and test to enable him to give an informed opinion about the security of an information system based on an Oracle database? A number of issues that the auditor should evaluate are discussed in the paper, with indications of how these issues should be dealt with by the entity being audited.
An Overview of Oracle Database Security Features
The intent of this paper is to give a new user of Oracle database software, or anyone considering the use of Oracle or an Oracle application, a basic understanding of the security capabilities of Oracle database software. It is beyond the scope of this paper to cover all of the countless security features and options available in Oracle. This paper covers Oracle 8i release 3, unless otherwise noted. Although the newest version, Oracle 9i, is expected to be available during the Spring of 2001, Oracle 8i is currently the most widely used. Oracle database software has many sophisticated security features which make it an excellent database system for practically any application. Data confidentiality, integrity, and availability can all be well protected with a properly designed Oracle database.
Deploying a website built using Oracle9iAS Portal
This paper is a case study of the deployment of a website built using the Portal component of Oracle9i Application Server (Oracle9iAS) in 2001. It has been submitted as the practical assignment for GSEC certification (Version 1.4b, Option 2). The paper describes the scenario and the product, Oracle9i AS (Standard Edition) Release 1 for Windows NT 4.0, before performing a high-level risk analysis of the website. The architecture implemented is discussed in terms of risk. The paper also identifies the security vulnerabilities discovered with Oracle9i AS during the six-month development period and the steps taken to harden an "out-of-the-box" version.