Three Tier Oracle Security in London ~ Paul M. Wright

(nix, oracle, java, www, cloud) intersect (safety, security, reliability, integrity)


Archive for April, 2008

Lateral SQL Injection

David has released his latest paper, which investigates how, by changing NLS variables, an attacker can inject SQL into functions that do not normally take varchar input, e.g. those that accept dates. Functions that take no input but do rely on NLS variables are similarly affected. Lateral thinking. Here is the paper [...]

Java Oracle Security

Oracle middle-tier applications usually use Java, which is why I have been working on Java security both at work and for SANS, in terms of training at http://www.sans.org/london07/description.php?tid=1517 and presenting at http://www.sans.org/sans2008/night.php. Here are the PowerPoint notes in PDF from my latest presentation, javasecurity.pdf, given April 22nd at SANS Orlando.

April 2008 CPU

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2008.html

The April 2008 CPU came out at 9.00pm UK time tonight as normal. Two of the vulnerabilities are ones that I found whilst working at NGS and are both PL/SQL injections, but the most critical bug is the JInitiator JVM bug… Java vulnerabilities are the subject of a presentation I am giving next week at [...]