SECURING YOUR ORACLE DATABASE FROM HACKERS

The attendees will learn the latest techniques in Oracle security (find vulnerabilities, unsecure configuration, passwords), analyze (custom) PL/SQL applications for vulnerabilities and how to harden Oracle databases. Common attacking techniques (Oracle rootkits and backdoors, Oracle Client attacks) and the appropriate countermeasures are also part of this training.

Pre-requisite:

Students should have at least basic knowledge of Oracle databse.

Class Outline:

Day 1

* Introduction
* Oracle Basics (Oracle Architecture, Oracle Products, Oracle Features)
* Passwords
* SQL-Injection (Database, Web, C/S)
* Hacking mod_plsql
* Google Hacking for Oracle Techniques
* Hardening Oracle Databases
* Hardening Oracle 10g R2
* Checking databases with Repscan

Day 2

* PL/SQL Programming Basics (Execute programs, read/write files)
* PL/SQL-Source-Code Analysis
* Oracle Client attacks
* IDS Evasion
* Oracle Encryption
* Oracle Rootkits & Backdoors

Alexander Kornbrust is the founder of Red-Database-Security GmbH, a company specialised in Oracle security.

He is responsible for Oracle security audits and Oracle Antihacker training. Before that he worked several years for Oracle Germany, Oracle Switzerland and IBM Global Services as consultant. Alexander Kornbrust is working with Oracle products as DBA and developer since 1992.

During the last 6 years found over 200 security bugs in various Oracle products like database or application server.