Installing Oracle 19c on Linux

Uncategorized
| Dec 23, 2019
I needed to create a new 19c install yesterday for a test of some customer software and whilst I love Oracle products I have to say that installing the software and database has never been issue free and simple over....[Read More]

Posted by Pete On 06/12/19 At 04:27 PM

Upcoming Webinar: Is Your Sensitive Data Playing Hide and Seek with You?

Uncategorized
| Dec 9, 2019

Is Your Sensitive Data Playing Hide and Seek with You?

Thursday, December 12, 2019 - 2:00 pm EST

Your Oracle databases and ERP applications may contain sensitive personal data like Social Security numbers, credit card numbers, addresses, dates of birth, and salary information. Understanding in what tables and columns sensitive data resides is critical in protecting the data and ensuring compliance with regulations like GDPR, PCI, and the new California Consumer Privacy Act (CCPA). However, (more...)

CVE-2019-2638, CVE-2019-2633, Oracle Payday Vulnerabilities – AppDefend Protection

Uncategorized
| Nov 25, 2019

Two Oracle E-Business Suite security vulnerabilities (CVE-2019-2638, CVE-2019-2633) fixed in the April 2019 Oracle Critical Patch Update (CPU) have been recently publicized. These vulnerabilities allow an attacker to execute arbitrary SQL statements in the Oracle E-Business Suite data that can result in complete compromise of the environment including fraudulent transactions, changing of bank accounts, and circumvention of application security controls. Integrigy’s AppDefend, the application firewall for Oracle E-Business Suite, is the only solution that provides virtual (more...)

Oracle Security Training Manuals for Sale

Uncategorized
| Nov 19, 2019
We have one set of Manuals for the recent training we held here in York and one from 2018. These can be bought as individual books as follows: This manual is from the York class in October 2019 and can....[Read More]

Posted by Pete On 19/11/19 At 03:05 PM

SELECT ANY DICTIONARY – What Privileges Does it Have – SELECT_CATALOG_ROLE

Uncategorized
| Oct 11, 2019
There have been a few blog posts over the years discussing what is the difference between SELECT ANY DICTIONARY and the SELECT_CATALOG_ROLE. Hemant posted in 2014 about the difference between SELECT ANY DICTIONARY and SELECT_CATALOG_ROLE. This post was a....[Read More]

Posted by Pete On 11/10/19 At 01:59 PM

What Privileges Can you Grant On PL/SQL?

Uncategorized
| Oct 8, 2019
Oracle has a lot of privileges and models; privileges can be granted to users, roles and also since 12c roles can be granted to PL/SQL code (I will not discuss this aspect here as I will blog separately about grants....[Read More]

Posted by Pete On 08/10/19 At 01:43 PM

ORA-01950 Error on a Sequence – Error on Primary Key Index

Uncategorized
| Oct 1, 2019
I posted yesterday a blog about an error on a sequence of ORA-01950 on tablespace USERS - ORA-01950 Error on a Sequence. This was attributed to the sequence by me because that's where the error in Oracle was pointing....[Read More]

Posted by Pete On 01/10/19 At 01:12 PM

ORA-01950 Error on a Sequence

Uncategorized
| Sep 30, 2019
Wow, it's been a while since I last blogged here. I keep promising to blog more about Oracle Security but paying work gets in the way..:-(. I do have a very big list of things that I would like to....[Read More]

Posted by Pete On 30/09/19 At 01:42 PM

PFCLScan – Version 3.0

Uncategorized
| Jul 11, 2019
We are very excited to announce that we are currently working to have version 3.0 of PFCLScan our flagship database security scanner for the Oracle database. We will be ready for sale in September and this development is going really....[Read More]

Posted by Pete On 11/07/19 At 03:33 PM

PFCLATK – Audit Trail Toolkit – Checksums

Uncategorized
| Jun 6, 2019
We have a toolkit called PFCLATK that is used in customer engagements to assist our customers to create comprehensive and useful audit trails for their databases. The toolkit is used in consulting engagements at the moment but will be adding....[Read More]

Posted by Pete On 06/06/19 At 03:08 PM

Integrigy at COLLABORATE 19 – Oracle E-Business Suite Security, Database Security, PeopleSoft Security

Uncategorized
| Apr 5, 2019

Heading to COLLABORATE 19? For the 12th consecutive year, Integrigy will be presenting on Oracle E-Business security, Oracle Database security, and PeopleSoft security. If you will be attending, be sure to schedule in one or more of our presentations.

Oracle E-Business Suite Security

Top 10 Oracle E-Business Suite Security Risks Tuesday April 9 - 10:30 AM-11:30 AM - GH 4th FL Republic C

How to Close the Window between Oracle CPU Security Release and Deployment (more...)

DOAG conference: Best of Oracle Security – older presentations (2013-2017)

Uncategorized
| Nov 25, 2018

Here is a list of older „Best-of“-presentations:

Best of Oracle Security 2017

Best of Oracle Security 2016

Best of Oracle Security 2015

Best of Oracle Security 2014

Best of Oracle Security 2013

DOAG 2018: Best of Oracle Security 2018

Uncategorized
| Nov 25, 2018

Last week I gave my yearly presentation “Best of Oracle Security 2018” at the DOAG 2018 conference in Nürnberg. In this presentation I talked about different Oracle exploits, a vulnerability in livesql.oracle.com, DNS data exfiltration in Oracle and how to audit SYSDBA connections in Oracle.

Additionally I talked about the German DSGVO (GDPR) – „Wie wird die DSGVO umgesetzt und welche Lücken/Lügen gibt es?“.

Oracle Critical Patch Update July 2018 Oracle PeopleSoft Analysis and Impact

Uncategorized
| Jul 17, 2018

As with almost all previous Oracle E-Business Suite Critical Patch Updates (CPU), the July 2018 quarterly patch is significant and high-risk for PeopleSoft applications.  Despite the publicity, marketing, or naming of specific vulnerabilities, this quarter is no different than previous quarters in terms of risk and prioritization within your organization.

For this quarter, there are 15 security vulnerabilities patched in PeopleSoft applications and PeopleTools --

10 - PeopleTools

2 - PeopleSoft Financials

2 - (more...)

Oracle Critical Patch Update July 2018 Oracle E-Business Suite Analysis and Impact

Uncategorized
| Jul 17, 2018

As with almost all previous Oracle E-Business Suite Critical Patch Updates (CPU), the July 2018 quarterly patch is significant and high-risk. 51 of the past 55 quarterly patches are significant and high-risk as they fix one or more SQL injection vulnerabilities or other damaging security vulnerabilities in the web application of Oracle E-Business Suite. Despite the publicity, marketing, or naming of specific vulnerabilities, this quarter is no different than previous quarters in terms of risk (more...)

CVE-2017-10151 Oracle Identity Manager Vulnerability

Uncategorized
| Oct 31, 2017

Oracle has released an out-of-cycle security advisory (CVE-2017-10151) for a vulnerability affecting Oracle Identity Manager.  This vulnerability has a CVSS 3.0 base score of 10 out of 10.  Oracle Identity Manager is the identity governance component within the Oracle Identity Management solution.  All supported versions of Identity Manager are impacted from 11.1.1.7 to 12.2.1.3.0.  Most likely 11.1.1.1 through (more...)

Oracle Critical Patch Update October 2017 Oracle E-Business Suite Analysis and Impact

Uncategorized
| Oct 19, 2017

As with almost all previous Oracle E-Business Suite Critical Patch Updates (CPU), the October 2017 quarterly patch is significant and high-risk. 47 of the past 52 quarterly patches are significant and high-risk as they fix one or more SQL injection vulnerabilities or other damaging security vulnerabilities in the web application of Oracle E-Business Suite. Despite the publicity, marketing, or naming of specific vulnerabilities, this quarter is no different than previous quarters in terms of risk (more...)

Integrigy at Oracle Open World 2017

Uncategorized
| Sep 22, 2017

Integrigy will be presenting again this year on database security at Oracle Open World 2017 (San Francisco, October 1-5).  If you will be attending Open World, please join us for this informative session on database security.

The Thrifty DBA Does Database Security

Sunday, Oct 01, 10:45 a.m. - 11:30 a.m. | Moscone South - Room 159

Stephen Kost, Founder and CTO, Integrigy Corporation

Properly securing an Oracle Database requires significant effort and (more...)

SCAP OVAL SQL57_TEST Example For Oracle E-Business Suite

Uncategorized
| May 23, 2017

Last week I posted a blog introducing SCAP and OVAL. Here is a quick follow-up with a link to a sql57_test example using the Oracle E-Business Suite - it will suffice for any Oracle database.

A great book to read first on SCAP titled ‘Security Automation Essentials’ for $15 on Amazon is a must read:  https://www.amazon.com/Security-Automation-Essentials-Streamlined-Communication/dp/0071772510. I would highly recommend this book to anyone interested in SCAP and much thanks to Witte, Cook, Kerr and Shaffer (more...)

STIGS, SCAP, OVAL, Oracle Databases and ERP Security

Uncategorized
| May 16, 2017

Last week’s unprecedented ransomware cyber attacks (http://preview.tinyurl.com/lhjfjgk) caught me working through some research on security automation. The cyber attacks evidently were attributed to an unpatched Windows XP vulnerability. When challenged with securing 1,000s of assets such as all the Windows desktops and Linux servers in an organization, automation quickly becomes a requirement.

Automation is increasingly coming up in our client conversations about how to secure the technology ‘stack’ supporting large ERP (more...)