Pete Finnigan

PeteFinnigan.com's weblog is the only weblog dedicated to Oracle security.

How to Secure all of Your Oracle Databases - Part 1

Mon, 2024-02-19 16:26
How do you know how secure your Oracle databases are? How secure should your Oracle databases be? These are interesting questions that we will cover in this three part post. This first part is going to cover the high level....[Read More]

Posted by Pete On 19/02/24 At 01:43 PM

Categories: Security Blogs

Happy 21st Birthday to PeteFinnigan.com Limited

Mon, 2024-02-12 18:06
My company PeteFinnigan.com Limited is 21 years old today!! It seems that time has gone so fast. When I started the company my oldest son was a baby and now he is almost 22 years old and works here in....[Read More]

Posted by Pete On 12/02/24 At 11:28 AM

Categories: Security Blogs

Securing APEX

Tue, 2024-01-30 00:06
I have liked APEX for many years and been involved in auditing and securing Oracle databases that include APEX for many years. What surprises me sometimes is that those deploying and developing an APEX application treat it like a box....[Read More]

Posted by Pete On 29/01/24 At 03:35 PM

Categories: Security Blogs

Investigate an Oracle Database Breach

Tue, 2024-01-23 21:26
I have investigated a number of possible and later proved data breaches in Oracle databases over the years and more recently just before Christmas I was doing the same again for a client. I cannot talk about any specifics of....[Read More]

Posted by Pete On 23/01/24 At 02:35 PM

Categories: Security Blogs

Happy New Year for 2024

Wed, 2024-01-17 18:46
It has been a while since my last blog on the 29th December on the ACCESSIBLE BY Clause in PL/SQL. We had a well earned break after the New Year and myself, my wife and my youngest son visited New....[Read More]

Posted by Pete On 17/01/24 At 03:50 PM

Categories: Security Blogs

ACCESSIBLE BY Clause in PL/SQL

Fri, 2023-12-29 17:26
Over many years I have advocated using security in PL/SQL that checks that a caller is coming from the right place. For many years we have been able to do this with the call stack and test on our PL/SQL....[Read More]

Posted by Pete On 29/12/23 At 03:14 PM

Categories: Security Blogs

Oracle Permissions and Statements or Actions

Thu, 2023-12-28 04:46
If you look at the permissions in the database that are possible for a PL/SQL procedure then it looks, at first sight, to be a little odd. Let's see the possible permissions for PL/SQL (Procedure) SQL> select * from system_privilege_map....[Read More]

Posted by Pete On 28/12/23 At 10:05 AM

Categories: Security Blogs

Cracking APEX Passwords

Fri, 2023-12-22 20:26
As part of any security audit we want to test the security or strength of passwords as well as any password management settings. We test database passwords of course with PL/SQL crackers and also C based crackers. We test RAS....[Read More]

Posted by Pete On 22/12/23 At 12:53 PM

Categories: Security Blogs

Apex Dictionary Views and their Security Mechanism

Mon, 2023-12-18 06:26
My main focuses are 1) securing data in Oracle databases; either through performing security audits or helping people design and implement anything Oracle security related such as Database Vault or designing audit trails or VPD or encryption or... and 2....[Read More]

Posted by Pete On 18/12/23 At 11:15 AM

Categories: Security Blogs

Oracle Forensics - Missing User IDs

Mon, 2023-12-11 09:26
Over the years I have been asked to look at many databases to tell the customer how they were breached or hacked. This is part of forensic analysis and breach response. Quite often there are no audit trails in the....[Read More]

Posted by Pete On 11/12/23 At 09:07 AM

Categories: Security Blogs

Secure Password Store - Wallets

Mon, 2023-12-04 12:26
One of the key security issues I come across when performing security audits is the proliferation of passwords located on SQL files and OS shell scripts and more. If you get access to the server you can learn a lot....[Read More]

Posted by Pete On 04/12/23 At 01:48 PM

Categories: Security Blogs

SQL Firewall in 23c - UKOUG and Scripts

Mon, 2023-11-27 15:26
I spoke at the UKOUG conference just over a week ago twice and the second of my talks was about the new SQL Firewall in Oracle 23c. This was a walk through of the SQL Firewall and what it does....[Read More]

Posted by Pete On 27/11/23 At 03:18 PM

Categories: Security Blogs

UKOUG 2023 - Using Database Vault in Real Life

Mon, 2023-11-20 18:26
I went down to Reading, UK last week on the train from York and presented at the conference being held at Oracle's offices there in Reading. This is a short post to raise that I have posted a pdf of....[Read More]

Posted by Pete On 20/11/23 At 09:44 AM

Categories: Security Blogs

UKOUG Conference 2023 - Reading - Two Oracle Security Talks

Wed, 2023-11-15 10:06
Today the 15th November 2023 is the first day of the UKOUG annual conference this year held in Reading at Oracle's office. The event is two days continuing into tomorrow. The event agenda is here. I am going to....[Read More]

Posted by Pete On 15/11/23 At 02:35 PM

Categories: Security Blogs

SQL*Plus Error Logging - SPERRORLOG Table

Tue, 2023-11-07 08:46
In the last post we discussed the "set errorlogging on" SQL*Plus setting and the fact that we can direct errors in SQL to a log table so that errors that are in long running scripts or scripts run blind can....[Read More]

Posted by Pete On 07/11/23 At 11:13 AM

Categories: Security Blogs

Logging Errors in SQL*Plus

Fri, 2023-11-03 14:06
Oracle has improved error messaging in a number of places over the years and we will discuss one of these now in this blog. Oracle added logging errors to a table in Oracle 11.1. This is a useful feature that....[Read More]

Posted by Pete On 03/11/23 At 01:25 PM

Categories: Security Blogs

User Least Privilege in the Oracle Database

Tue, 2023-10-24 16:26
I have just posted my MS PPT slides for the first time to my website for a talk I did at the UKOUG conference in Liverpool in 2018. These slides are available for the talk User Least Privilege and I have....[Read More]

Posted by Pete On 24/10/23 At 03:33 PM

Categories: Security Blogs

An Appreciation of Auditing and Securing Oracle

Fri, 2023-10-20 20:26
I have just posted my slides from a talk I did at the ISACA event at Croke Park in Dublin in 2018. The talk was called "An Appreciation of Auditing and Securing Oracle" - I have also updated....[Read More]

Posted by Pete On 20/10/23 At 09:40 AM

Categories: Security Blogs

Oracle Database Passwords

Tue, 2023-10-17 00:46
I did a presentation in Slovenia in 2021 around Oracle database passwords and I have today just posted the MS PPT slide to our site - Oracle Database Passwords and we have also updated our Oracle Security white papers page....[Read More]

Posted by Pete On 16/10/23 At 12:43 PM

Categories: Security Blogs

Secure Coding in PL/SQL

Fri, 2023-10-13 23:26
Continuing my job to post the slides from previous talks I did about Oracle Security I have today posted my MS PPT slides for a talk I did in 2020 at the UKOUG. The slides for this talk - Secure....[Read More]

Posted by Pete On 13/10/23 At 12:03 PM

Categories: Security Blogs
