Yesterday I gave a presentation „Best of Oracle Security 2012“ at the DOAG 2012 conference in Nürnberg.
Archive for the ‘Oracle Security’ Category
DOAG 2012: Best of Oracle Security 2012
Donnerstag, November 22nd, 2012Self-Defending Databases
Freitag, November 2nd, 2012I just uploaded my talk Hashdays 2012 „Self-Defending Databases“ to the Red-Database-Security website. The talk explains how to detect SQL Injection attacks in databases (Oracle/MSSQL/MySQL) and how to react in case of a SQL Injection (e.g. done with Pangolin, Havij or Netsparker).
Initially the idea covered only Oracle and MSSQL but Xavier Mertens extend the concept to MySQL (MySQL Attacks Self-Detection) after he saw my presentation at the Hashdays Management Session.
2 Cebit 2012 Presentations about Database Security
Freitag, März 9th, 2012I just uploaded 2 presentations I gave at the Cebit 2012.
DOAG 2011 Presentation „Best of Oracle Security 2011“
Freitag, November 18th, 2011I just uploaded my DOAG 2011 presentation „Best of Oracle Security 2011„.
Oracle Critical Patch Update Pre-Release Announcement – October 2011
Samstag, Oktober 15th, 2011Oracle released the Pre-Release Announcement for the Oracle CPU October 2011. The upcoming CPU will fix 4 issues in the Oracle database:
- Application Express
- Core RDBMS
- Database Vault
- Oracle Text
The highest CVSS value is 6.5 (normally a SQL Injection vulnerability). None of the issues is remote exploitable.