Pete Finnigan

Subscribe to Pete Finnigan feed Pete Finnigan's weblog is the only weblog dedicated to Oracle security.
Updated: 15 hours 50 min ago

Secure Password Store - Wallets

Mon, 2023-12-04 12:26
One of the key security issues I come across when performing security audits is the proliferation of passwords located on SQL files and OS shell scripts and more. If you get access to the server you can learn a lot....[Read More]

Posted by Pete On 04/12/23 At 01:48 PM

Categories: Security Blogs

SQL Firewall in 23c - UKOUG and Scripts

Mon, 2023-11-27 15:26
I spoke at the UKOUG conference just over a week ago twice and the second of my talks was about the new SQL Firewall in Oracle 23c. This was a walk through of the SQL Firewall and what it does....[Read More]

Posted by Pete On 27/11/23 At 03:18 PM

Categories: Security Blogs

UKOUG 2023 - Using Database Vault in Real Life

Mon, 2023-11-20 18:26
I went down to Reading, UK last week on the train from York and presented at the conference being held at Oracles offices there in Reading. This is a short post to raise that i have posted a pdf of....[Read More]

Posted by Pete On 20/11/23 At 09:44 AM

Categories: Security Blogs

UKOUG Conference 2023 - Reading - Two Oracle Security Talks

Wed, 2023-11-15 10:06
Today the 15th November 2023 is the first day of the UKOUG annual conference this year held in Reading at Oracles office. The event is two days continuing into tomorrow. The event agenda is here . I am going to....[Read More]

Posted by Pete On 15/11/23 At 02:35 PM

Categories: Security Blogs

SQL*Plus Error Logging - SPERRORLOG Table

Tue, 2023-11-07 08:46
In the last post we discussed the "set errorlogging on" SQL*Plus setting and the fact that we can direct errors in SQL to a log table so that errors that are in long running scripts or scripts run blind can....[Read More]

Posted by Pete On 07/11/23 At 11:13 AM

Categories: Security Blogs

Logging Errors in SQL*Plus

Fri, 2023-11-03 14:06
Oracle has improved error messaging in a number of places over the years and we will discuss one of these now in this blog. Oracle added logging errors to a table in Oracle 11.1. This is a useful feature that....[Read More]

Posted by Pete On 03/11/23 At 01:25 PM

Categories: Security Blogs

User Least Privilege in the Oracle Database

Tue, 2023-10-24 16:26
I have just posted my MS PPT slides for the first time to my website for a talk I did at the UKOUG conference in Liverpool in 2018. These slides are available for the talk UserLeast Privilege and I have....[Read More]

Posted by Pete On 24/10/23 At 03:33 PM

Categories: Security Blogs

An Appreciation of Auditing and Securing Oracle

Fri, 2023-10-20 20:26
I have just posted my slides from a talk I did at the ISACA event at Croke Park in Dublin in 2018. The talk was called " An Appreciation of Auditing and Securing Oracle " - I have also updated....[Read More]

Posted by Pete On 20/10/23 At 09:40 AM

Categories: Security Blogs

Oracle Database Passwords

Tue, 2023-10-17 00:46
I did a presentation in Slovenia in 2021 around Oracle database passwords and I have today just posted the MS PPT slide to our site - Oracle Database Passwords and we have also updated our Oracle Security white papers page....[Read More]

Posted by Pete On 16/10/23 At 12:43 PM

Categories: Security Blogs

Secure Coding in PL/SQL

Fri, 2023-10-13 23:26
Continuing my job to post the slides from previous talks I did about Oracle Security I have today posted my MS PPT slides for a talk I did in 2020 at the UKOUG. The slides for this talk - Secure....[Read More]

Posted by Pete On 13/10/23 At 12:03 PM

Categories: Security Blogs

alter session set current_schema

Mon, 2023-10-09 09:46
If you have an application that includes data, PL/SQL then if it is secured can it still work without change? Lets create a simple simulation of such an application and then discuss the faults and the fixes and possible issues....[Read More]

Posted by Pete On 09/10/23 At 01:07 PM

Categories: Security Blogs

Good Audit Trail Design

Mon, 2023-10-02 13:26
Continuing with the series of posting the MS PPT slides (as pdf's) from recent past talks on all subjects Oracle security I have a new one for you. There are a few more still to post. I don't really know....[Read More]

Posted by Pete On 02/10/23 At 12:37 PM

Categories: Security Blogs

ERP Oracle Database Security

Fri, 2023-09-29 12:06
I did a talk at the UKOUG in 2020 about ERP security and its affects on Oracle database security. I have just uploaded the slides from this ERP Security talk to our website so you can download and have a....[Read More]

Posted by Pete On 29/09/23 At 01:20 PM

Categories: Security Blogs

Oracle Forensics Response

Fri, 2023-09-22 15:06
I have spoken a few times on this blog about forensics and Oracle and in 2021 I did a talk at the UKOUG about Oracle forensics. I have just posted the slides from that talk just now to our site....[Read More]

Posted by Pete On 22/09/23 At 01:07 PM

Categories: Security Blogs

Database Vault without Database Vault

Mon, 2023-09-18 19:46
I did a talk in Slovenia in 2022 that explores the questions, "What is Database Vault?" and "What can we do if we don't have Database Vault?". I have posted the slides to our website today and the talk is....[Read More]

Posted by Pete On 18/09/23 At 01:00 PM

Categories: Security Blogs

Create Onion Layers of Security

Fri, 2023-09-15 18:26
I did a talk in 2022 called CreatingOnion Layers of Security and as you can see from the previous link I have posted a pdf of my MS PPT slides to our website. I have also added the talk to....[Read More]

Posted by Pete On 15/09/23 At 02:01 PM

Categories: Security Blogs

Adaptive Audit and Adaptive Security

Mon, 2023-09-11 23:06
I did a talk at the beginning of the year virtually in Slovenia at a security conference. The slides are available and I have added the paper also to our Oracle Security White Papers page . I have spoken about....[Read More]

Posted by Pete On 11/09/23 At 11:21 AM

Categories: Security Blogs

Securing Data in Oracle Databases

Fri, 2023-09-08 21:46
I have been going through my laptop and found that I have quite a few presentations on my laptop that have not been uploaded to our website so I have decided to start to upload a few one by one....[Read More]

Posted by Pete On 08/09/23 At 01:23 PM

Categories: Security Blogs

GDPR and Oracle Database

Mon, 2023-09-04 07:46
I wrote a short blog post last week regarding GDPR and the Oracle database and discussed at a high level the main articles that could affect your security plans for an Oracle database. As I said last week GDPR Speaks....[Read More]

Posted by Pete On 04/09/23 At 12:16 PM

Categories: Security Blogs

New GDPR Book and the Oracle Database

Fri, 2023-08-25 10:06
I received a copy of Jamal Ahmeds book The Easy Peasy Guide to the GDPR last night. Of course I have not had chance to read it fully yet BUT I did have a read of the introduction and recommendations....[Read More]

Posted by Pete On 25/08/23 At 11:59 AM

Categories: Security Blogs