Three Tier Oracle Security in London ~ Paul M. Wright

(nix, oracle, java, www, cloud ) intersect (safety, security, reliability, integrity)

Three Tier Oracle Security in London ~ Paul M. Wright RSS Feed
 

Lateral SQL Injection

David has released his latest paper which investigates how by changing NLS variables an attacker can inject SQL into functions that do not normally take varchar input e.g. those that accept dates. Also functions that do not take input but that do rely on NLS variables are similarly affected. Lateral thinking.
Here is the paper http://www.databasesecurity.com/dbsec/lateral-sql-injection.pdf and congrats to NGS on winning the SC Security Company of the Year. http://www.scmagazine.com/uk/awards/ and even more congrats to Betfair for winning Queen’s award again. http://www.realbusiness.co.uk/news/international-business/5240271/queens-awards-the-big-winners.thtml

Leave a Reply

You must be logged in to post a comment.