Category Archives: infosec

Four things a developer can do now to improve their application's #infosec posture.

Let's face it, we have deadlines to meet and millions of lines of code in production. I get it, I've been a working PL/SQL developer off and on for over 20 years. If we get into the habit of using …

Posted in infosec, PL/SQL, Security, Trusted Path

Four things a DBA can do now to improve their #infosec posture?

August 13, 2018: NOTE, UPDATE TO POST: THIS IS SPECIFIC TO Oracle 12.1 and below. In Oracle 12.2 and above, you can change an unencrypted tablespace to an encrypted tablespace. 1) When we start talking about securing information, the first thing that …

Posted in Audit, encryption, infosec, Security, Trusted Path, VPD

#Oracle #Infosec Common Mistakes: Granting DBA to application schema

I keep seeing this common mistake: the application schema was granted DBA privileges. Here is the problem: when a SQL injection bug is found, all DBA commands are available to the attacker. The truth is, granting DBA to an …

Posted in infosec, Security

Questions you may want to start with when moving to the #cloud

Last week one of my customers called me into a meeting to discuss moving a critical application to the cloud. This application is very sensitive to the customer and the data it holds is very sensitive to my customer's customer. …

Posted in Database Stuff, infosec, Security

Demo code for Ghost Data in Indexes

NOTE: all demo data is fake. This is the demo code for encrypting data where there is an existing index. We are starting with a table customers_tst that is in the unencrypted tablespace dat. Start with dropping the old test …

Posted in encryption, infosec, Security

2015 #InfoSec in review. We get a big fat “F”

We are stewards of our customers' data and need to do better. <OPINION> I would give us a big fat “F” for data security in 2015.</OPINION> What happened and what needs to be improved? We saw weak passwords, lack of …

Posted in Database Stuff, infosec

#Oracle #TDE Ghost Data Teaser

Here is a teaser for the Oracle Transparent Data Encryption presentation. We look at having an existing table with existing indexes. A policy comes out that says we need to encrypt SSN and Credit Card Numbers. Once we encrypt the …

Posted in Database Stuff, encryption, infosec, Security

Oracle #OTN #OPSEC #TMTT

Oracle Technology Network Two Minute Tech Tip. Oracle Transparent Data Encryption.

Posted in Database Stuff, encryption, infosec, Security