Pete Finnigan

Subscribe to Pete Finnigan feed Pete Finnigan
PeteFinnigan.com's weblog is the only weblog dedicated to Oracle security.
Updated: 11 hours 12 min ago

Grant DBA to yourself - exploit or not?

Wed, 2017-10-11 10:26
Yesterday Peter from the Master of Disaster Blog sent me an email to ask if I had seen the issue in his post before and whether it was a new exploit. I looked at the post and immediately recognised that....[Read More]

Posted by Pete On 11/10/17 At 12:06 PM

Categories: Security Blogs

New Oracle Security book - Oracle Incident Response and Forensics

Tue, 2017-10-03 19:06
I have been quiet on here for a while due to a large workload and also in the last weeks writing a new book - Oracle Incident Response and Forensics" to be published by Apress. The book is complete as....[Read More]

Posted by Pete On 03/10/17 At 08:52 AM

Categories: Security Blogs

Oracle Security Training In York - October 30 - 31st 2017

Wed, 2017-09-06 07:06
I will be running my two day Oracle security training course - How to Perform a Security Audit of an Oracle Database - Here in my home city of York, UK on the 30th to 31st October 2017 this year....[Read More]

Posted by Pete On 06/09/17 At 09:33 AM

Categories: Security Blogs

get_tab2.sql - Free Tool to show Privileges on an Object Updated

Wed, 2017-08-30 10:06
I have a core set of PL/SQL scripts that I use when conducting Oracle security work on customer sites. Most of these are available on this website for many years. One of these is my script get_tab2.sql which shows grants....[Read More]

Posted by Pete On 30/08/17 At 12:11 PM

Categories: Security Blogs

What Are NULL pname entries in v$process?

Tue, 2017-08-29 15:46
I got a message on Linked In today from Jijo who asked why when he queries v$process are some of the PNAME column values NULL. I have a simple script vproc.sql that I use when analysing databases for many years....[Read More]

Posted by Pete On 29/08/17 At 02:35 PM

Categories: Security Blogs

Pete Finnigan is now an Oracle ACE

Fri, 2017-08-25 20:06
I just got an email from the Oracle ACE program to tell me that I had been accepted onto the ACE program and was awarded the Oracle ACE status by Oracle. I have been active on the internet around Oracle....[Read More]

Posted by Pete On 25/08/17 At 07:28 PM

Categories: Security Blogs

Oracle Security at UKOUG December 2017

Fri, 2017-08-25 20:06
I have just had an email from the UKOUG to say that three of my presentations have been accepted for the upcoming conference on December 4th to 6th at the ICC in Birmingham. I will have one talk on the....[Read More]

Posted by Pete On 25/08/17 At 04:16 PM

Categories: Security Blogs

New Video of Oracle Security Vulnerability Scanning

Thu, 2017-08-17 10:46
I have just made a new video of a sample session using PFCLScan our vulnerability / security scanner for the Oracle database. In the video I show how easy it is to get started with PFCLScan and scan an Oracle....[Read More]

Posted by Pete On 17/08/17 At 01:50 PM

Categories: Security Blogs

More Oracle Security Training Manuals for Sale

Wed, 2017-08-09 01:26
I advertised here some months ago a small number of printed manuals that I found in our company storage for some of my Oracle security classes. We had these printed over the years for various classes that I taught and....[Read More]

Posted by Pete On 08/08/17 At 01:57 PM

Categories: Security Blogs

New Oracle Security On-Line Training Dates Added

Mon, 2017-08-07 12:46
We have finally added new on-line training dates for some of our classes; the very popular two days "How to perform a security audit of an Oracle Database" is first followed by the one day class "Hardening and Securing Oracle....[Read More]

Posted by Pete On 07/08/17 At 06:30 PM

Categories: Security Blogs

Oracle Security Audit and Open Ports on a Database Server

Fri, 2017-07-07 23:26
As part of a detailed security audit of an Oracle database performed by our company we look at most areas that are related to two things; the security of the Oracle platform itself, i.e. the Oracle database and its software....[Read More]

Posted by Pete On 07/07/17 At 04:31 PM

Categories: Security Blogs

Oracle Security Training

Fri, 2017-05-26 05:06
Yesterday I made a short video to talk about my two day class " How to Perform a Security audit of an Oracle database " and added the video to YouTube. This class is going to be delivered at a....[Read More]

Posted by Pete On 26/05/17 At 09:39 AM

Categories: Security Blogs

O7_DICTIONARY_ACCESSIBILITY and UTL_FILE_DIR in Oracle 12c release 2

Tue, 2017-05-23 22:06
I was not in the beta program for Oracle database 12c release 2 but when I was discussing security changes in the new release with some people who were in the beta they told me that O7_DICTIONARY_ACCESSIBILITY and utl_file_dir parameters....[Read More]

Posted by Pete On 23/05/17 At 04:17 PM

Categories: Security Blogs

Oracle Security 12cR2 and Oracle Security Training Dates

Mon, 2017-05-08 16:06
I am going to be teaching my two day class "How to perform a security audit of an Oracle database" in Athens, Greece on the 30th and 31st May 2017. This is advertised on Oracle University website and you can....[Read More]

Posted by Pete On 08/05/17 At 03:51 PM

Categories: Security Blogs

Oracle 12cR2 Security - Listener Port

Mon, 2017-05-01 19:26
I downloaded Oracle 12cR2 from Oracle when it became available in March and installed a legacy SE2 database and also a single PDB multitenant database and started some investigations to discover and look at the new security features added in....[Read More]

Posted by Pete On 01/05/17 At 01:03 PM

Categories: Security Blogs

New Online Oracle Security PUBLIC Training Dates Including USA Time Zones

Wed, 2017-04-12 17:26
We have just agreed three new online classes to be taught in June and July. These are for my two day class How to perform a security audit of an Oracle database. The classes are two day events and will....[Read More]

Posted by Pete On 12/04/17 At 02:17 PM

Categories: Security Blogs

PeteFinnigan.com In The Top 60 Oracle Database Blogs

Tue, 2017-04-11 04:46
I got a couple of emails over the last couple of weeks from Anuj at FeedSpot to tell me that my blog (This Oracle Security blog) has been listed in the top 60 Oracle Database blogs on the Feedspot website....[Read More]

Posted by Pete On 11/04/17 At 09:37 AM

Categories: Security Blogs

Oracle Security Training Manuals For Sale

Wed, 2017-04-05 20:26
I had a reason today to go to our company storage for something today and whilst moving other things around to find what I needed I discovered two A4 boxes with printed manuals for some of our recent training classes....[Read More]

Posted by Pete On 05/04/17 At 02:22 PM

Categories: Security Blogs

How to Perform a Security Audit of an Oracle Database Training in Athens, Greece

Wed, 2017-04-05 02:06
I will be teaching my two days class How to Perform a Security Audit of an Oracle Database in Athens, Greece on May 16th and 17th 2017 organised by Oracle University. This is a great class that helps you understand....[Read More]

Posted by Pete On 04/04/17 At 02:45 PM

Categories: Security Blogs

Is SQL Injection A WebSite Problem?

Fri, 2017-03-31 12:06
I saw a post on RobLockards Facebook page this week where he said some people have suggested that his SQL Injection talk only shows calling a procedure from SQLCl and not a web page and he suggests that he may....[Read More]

Posted by Pete On 31/03/17 At 03:38 PM

Categories: Security Blogs

Pages