Category Archives: Trusted Path
#Oracle Database Application #Security book is finally out. #infosec #encryption #audit #SecureCoding #PrivilegeAnalysis #OID #OAM #OIM
https://www.amazon.com/Oracle-Database-Application-Security-Directory/dp/1484253663/ref=sr_1_1?keywords=oracle+database+lockard&qid=1573050833&sr=8-1 It’s been a year long process now the book is finally been released. There are a few things I would have written different and a few other subjects I would have liked to cover. Perhaps that will come in … Continue reading
Emerging Technology Security Day 2019
Between ongoing data breaches and emerging technologies constantly coming out, you need to ask the question. “Is my information secure?” On October 11th we will be hosting a security day with Oracle Corporation in Reston Virginia. When: October 11, 2019 … Continue reading
Putting #CodeBasedAccessControl to work. #CBAC #Database #infosec #Oracle #TrustedPath
Grab a cup of coffee or a cup of tea. This is not a short post; There is a lot to explain, and many point are repeated. You need to understand all the in’s and out’s of CBAC. However; once … Continue reading
Code Based Access Control, #securecoding #oracle #plsql #MultipleSchemas
You can download the full code from gethub.com CBAC Simple This example depends on the HR Demo schema being loaded. We will be building on this example over the next several months to present a full blown application that includes … Continue reading
@Oracle 126.96.36.199 Cool new features to improve security. Part 1 Enhanced Whitelists PL/SQL
In Oracle 12.1 the ACCESSIBLE BY clause was introduced to the PL/SQL language. This gives the developer the ability mark a package, procedure, function, or type with what was allowed to call it. 12.2 gives us fine grained control over … Continue reading
PL/SQL Security Coding Practices. Introduction to a better architecture part 2
For this post, we are going to focus on definers rights and invokers rights. Most developers already know about these privilege modifiers, but sadly I rarely see these being used at customer sites. Key to understanding how to secure your … Continue reading
PL/SQL Security Coding Practices. Introduction to a better architecture part 1.
I have been seeing this database architecture for over thirty years and it’s high time we stopped using it. Before I go too far, let me tell you I get it, you have pressure to get the application out the … Continue reading
#ORACLE PL/SQL Secure Coding Practices #INFOSEC – Please tell me how your database system is designed @bgoug will get this presentation first
The more you tell me, the more ways I can find I can find to attack your system. All I need is one little sql injection bug and trust me, it is most likely there, you just don’t know it … Continue reading
Turn off the #http #listener in #Oracle #STIG
Locking down a database (applying STIGs) you need to check to see if the listener is running http. If you don’t need the http service, turn it off. Turning off http will reduce the attack surface. Step 1) Is http … Continue reading
Four things a developer can do now to improve their applications #infosec posture.
Lets face it, we have deadlines to meet and millions of lines of code in production. I get it, I’ve been a working PL/SQL developer off and on for over 20 years. If we get into the habit of using … Continue reading
Four things a DBA can do now to improve their #infosec posture?
August 13, 2018: NOTE UPDATE TO POST THIS IS SPECIFIC TO Oracle 12.1 and bellow. Oracle 12.2 and above, you can change an unencrypted tablespace to an encrypted tablespace. 1) When we start talking about securing information, the first thing that … Continue reading