This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Oracle Hacking and security"
(Created page with '= '''Hacking and Securing Oracle Database''' = Course: Hacking and Securing Oracle Database <br>Course ID: SB1DHSO<br>Instructor: Sumit Siddharth (Sid)<br>CPE Credits: 7 CPE’…') |
|||
| Line 1: | Line 1: | ||
= '''Hacking and Securing Oracle Database''' = | = '''Hacking and Securing Oracle Database''' = | ||
| − | Course: Hacking and Securing Oracle Database <br>Course ID: SB1DHSO<br>Instructor: Sumit Siddharth (Sid)<br>CPE Credits: 7 CPE’s<br>Duration: 1 Day <br>Date: November 19th, 2009 (9 AM – 6 PM)<br> | + | Course: Hacking and Securing Oracle Database <br>Course ID: SB1DHSO<br>Instructor: Sumit Siddharth (Sid)<br>CPE Credits: 7 CPE’s<br>Duration: 1 Day <br>Date: November 19th, 2009 (9 AM – 6 PM)<br>'''Who should attend?'''<br>• Oracle Database Server Administrators.<br>• Developers using Oracle Databases.<br>• Penetration Testers.<br>• Security Managers |
| − | |||
| − | '''Who should attend?'''<br>• Oracle Database Server Administrators.<br>• Developers using Oracle Databases.<br>• Penetration Testers.<br>• Security Managers | ||
'''Class Pre-requisite:'''<br>• Basic knowledge of Oracle database administration and PL/SQL language.<br>• Knowledge of penetration testing will be an advantage but is not essential. | '''Class Pre-requisite:'''<br>• Basic knowledge of Oracle database administration and PL/SQL language.<br>• Knowledge of penetration testing will be an advantage but is not essential. | ||
Latest revision as of 09:57, 20 September 2009
Hacking and Securing Oracle Database
Course: Hacking and Securing Oracle Database
Course ID: SB1DHSO
Instructor: Sumit Siddharth (Sid)
CPE Credits: 7 CPE’s
Duration: 1 Day
Date: November 19th, 2009 (9 AM – 6 PM)
Who should attend?
• Oracle Database Server Administrators.
• Developers using Oracle Databases.
• Penetration Testers.
• Security Managers
Class Pre-requisite:
• Basic knowledge of Oracle database administration and PL/SQL language.
• Knowledge of penetration testing will be an advantage but is not essential.
Class Requirement:
• Students to carry their laptop with at least 2 GB of free space.
• Students should have Administrative access / privileges on the laptop for installing software.
• USB or Bootable CD / DVD Drive
• VMware Player
• Wireless enabled
Course Description:
This is a hands-on training one-day course, which will teach the audience the security problems related to Oracle. The training has a good mix of traditional as well as some latest cutting edge security issues related to Oracle. The audience will have access to an infrastructure with a number of oracle components deployed, and they will be encouraged to exploit/patch security vulnerabilities as they learn them.
1. TNS Listener Security Problems
2. Default Oracle accounts and privileges.
3. Obtaining and cracking password hashes in Oracle.
4. Enumerating/fingerprinting Oracle.
5. Introduction to Oracle Vulnerabilities
6. Buffer Overflows
7. SQL and PL/SQL Injection
8. Cursor Injection
9. Introduction to Cursor Snarfing and Lateral SQL Injection.
10. Exploiting vulnerabilities to become DBA (from 8i to 11g)
11. From DBA to OS code execution
12. Unwrapping Oracle's PL/SQL for vulnerabilities.
13. Advanced SQL Injection (Identification and Exploitation)
14. Hacking Oracle Application Servers.
15. Exploiting Oracle from Web.
16. Securing Oracle.
