| Pete Finnigan Masterclass - How to perform a security audit of an Oracle database |
|
|
From Wednesday, 26. May 2010 - 09:00
To Thursday, 27. May 2010 - 17:00
Every day |
|
|
|
This 2 day Masterclass is delivered by Pete Finnigan, a principal consultant with years of real world experience in auditing and securing customers Oracle databases. Pete is also well known for writing and presenting extensively in the area of Oracle security. This Masterclass includes the slides and delegate notes. Click here to register. This Masterclass teaches the delegates how to confidently perform a security audit on an Oracle database. The course gets the delegates up to speed on the reasons Oracle databases are invariably insecure. Everyone is brought up to the same level in terms of where to look, what to look for and why. The course shows how a security audit is planned, how to prepare yourself for it, your staff and your environments. Whilst the course is a complete look at how to perform a security audit of an Oracle database; the focus of the course is also on how to secure the data held within the database from access by people who should not be able to access the data in any way. The course uses the vehicle of a security audit to actually secure the data; the course is flooded with discussions on why something is an issue and potential solutions. In this way the course also provides value to a lot of different people; not just security auditors but also DBA's, Developers, Managers and many more people. Hundreds of people with many differing job descriptions have attended this class in the last year and found immense benefits in the goal of securing their companies data.
“Instructors knowledge and experience beyond question! Excellent course.”
The course is aimed at the fundamentals of how to review a database and why and does not focus on simply running tools. It is important to understand why something is an issue, to understand how to check that its an issue and importantly understand the implications in respect to your own databases and applications before using pre-built or commercial tools. The course includes a complete simulated audit by running through step-by-step all of the steps and components of an Oracle database audit via the medium of slides but importantly using a sample Oracle database and fully functioning content management application as a basis for the audit. Each area of the Oracle security audit is demonstrated and explained in detail.
“The course was to the point, dealt with security auditing specifically. Extremely knowledgeable and pragmatic.”
“It was a great oppertunity to learn directly from Pete” -- C.N, Large Motor Manuf, USA
The course has been designed by Pete Finnigan and is up to date using all supported versions of Oracle from 9iR2 through Oracle 11g. The course includes the following topics: - Background to key database files, structures, configurations and files relative to security
- Oracle security tools, checklists and more
- Why audit an Oracle database
- Exploiting Oracle, SQL Injection, configuration, escalation of privilege and more
- Planning an audit
- Setting up for an audit, gathering tools, prepping laptop, people, access
- Starting the audit
- Software installed, versions and attack surface
- Enumerating users, password strength and more
- Assessing users, privileges and RBAC
- Auditing the Oracle database association with the file system
- Audit Oracle networking
- Audit the database configuration
- Specialist considerations, Credit cards, personally identifiable data and more
- Review the audit trail
- Data analysis, vulnerability assessment
- Document findings, develop a policy and deciding what to fix
- A look at some of the automated tools
A detailed agenda for how to perform an Oracle security audit is available here [Detailed Oracle Security course agenda].
“Thany you very much!” “Excellent presentation, vast knowledge on the subject”
-- P.P, Consulting Company, Finland
|
Location: Utrecht -La Place
Contact: Annette Herruer - 0641788142 |
Back
|
