Category Archives: PL/SQL
#Oracle Database Application #Security book is finally out. #infosec #encryption #audit #SecureCoding #PrivilegeAnalysis #OID #OAM #OIM
https://www.amazon.com/Oracle-Database-Application-Security-Directory/dp/1484253663/ref=sr_1_1?keywords=oracle+database+lockard&qid=1573050833&sr=8-1 It’s been a year long process now the book is finally been released. There are a few things I would have written different and a few other subjects I would have liked to cover. Perhaps that will come in … Continue reading
Putting #CodeBasedAccessControl to work. #CBAC #Database #infosec #Oracle #TrustedPath
Grab a cup of coffee or a cup of tea. This is not a short post; There is a lot to explain, and many point are repeated. You need to understand all the in’s and out’s of CBAC. However; once … Continue reading
Update to my earlier #quicktip on setting #plsql scope and warnings.
I noticed a error in my code for setting PLSCOPE_SETTINGS and PLSQL_WARNINGS. QuicTip Logon.sql What I did was get the instance name out of v$instance to figure out if I was connecting to a production environment or one of the lower environments. The … Continue reading
The Impossible Password and default accounts. Oracle #LockDown #QuickTip #Infosec
Let’s revisit a customer who was about to go through an IG Audit. There is one finding that always seems to come up. Default accounts with default passwords. I don’t care if the accounts are expired and locked, if the … Continue reading
@Oracle 12.2.0.1 Cool new features to improve security. Part 1 Enhanced Whitelists PL/SQL
In Oracle 12.1 the ACCESSIBLE BY clause was introduced to the PL/SQL language. This gives the developer the ability mark a package, procedure, function, or type with what was allowed to call it. 12.2 gives us fine grained control over … Continue reading
2017 European Security Tour, #Moscow, #London, #Paris, #Helisnki
My 2017 speaking schedule is starting out with a bang. My first stop will be in Moscow Russia where I am trying to arrange a short speaking engagement in conjunction with the Russia Oracle Users Group. Hopefully we can arrange … Continue reading
#ORACLE PL/SQL Secure Coding Practices #INFOSEC – Please tell me how your database system is designed @bgoug will get this presentation first
The more you tell me, the more ways I can find I can find to attack your system. All I need is one little sql injection bug and trust me, it is most likely there, you just don’t know it … Continue reading
Four things a developer can do now to improve their applications #infosec posture.
Lets face it, we have deadlines to meet and millions of lines of code in production. I get it, I’ve been a working PL/SQL developer off and on for over 20 years. If we get into the habit of using … Continue reading