Archive for the ‘Oracle Security’ Category

DOAG 2012: Best of Oracle Security 2012

Donnerstag, November 22nd, 2012

Yesterday I gave a presentation „Best of Oracle Security 2012“ at the DOAG 2012 conference in Nürnberg.

Best of Oracle Security

Self-Defending Databases

Freitag, November 2nd, 2012

I just uploaded my talk Hashdays 2012 „Self-Defending Databases“ to the Red-Database-Security website.  The talk explains how to detect SQL Injection attacks in databases (Oracle/MSSQL/MySQL) and how to react in case of a SQL Injection (e.g. done with Pangolin, Havij or Netsparker).

Initially the idea covered only Oracle and MSSQL but Xavier Mertens extend the concept to MySQL (MySQL Attacks Self-Detection) after he saw my presentation at the Hashdays Management Session.

2 Cebit 2012 Presentations about Database Security

Freitag, März 9th, 2012

I just uploaded 2 presentations I gave at the Cebit 2012.

DOAG 2011 Presentation „Best of Oracle Security 2011“

Freitag, November 18th, 2011

I just uploaded my DOAG 2011 presentation „Best of Oracle Security 2011„.

Oracle Critical Patch Update Pre-Release Announcement – October 2011

Samstag, Oktober 15th, 2011

Oracle released the Pre-Release Announcement for the Oracle CPU October 2011. The upcoming CPU will fix 4 issues in the Oracle database:

  • Application Express
  • Core RDBMS
  • Database Vault
  • Oracle Text

 The highest CVSS value is 6.5 (normally a SQL Injection vulnerability). None of the issues is remote exploitable.