Pete Finnigan

Subscribe to Pete Finnigan feed Pete Finnigan
PeteFinnigan.com's weblog is the only weblog dedicated to Oracle security.
Updated: 14 hours 4 min ago

Audit ALTER USER Inconsistent Issue in Unified Audit Trail

Thu, 2024-11-28 21:06
If you use still or used standard auditing in the Oracle database then you should have come across an issue. If you have multiple teams enabling audit one team can destroy another teams audit settings. Here is a couple of....[Read More]

Posted by Pete On 28/11/24 At 09:59 AM

Categories: Security Blogs

New Live In Person Oracle Security 3 Day Training in York January 2025

Wed, 2024-11-13 14:46
The last time I taught an in-person training class around Oracle security was almost 5 years ago. I was in The Hague for a class in February 2020 and then the lockdown hit us for Covid in March 2020 and....[Read More]

Posted by Pete On 13/11/24 At 01:56 PM

Categories: Security Blogs

How Can a Data Breach of an Oracle Database be Managed and Analysed?

Wed, 2024-11-06 17:46
No one wants to be hacked or their data stolen or leaked or their database be breached but it can happen. If you become the latest victim of a data hack and your Oracle database is compromised then what do....[Read More]

Posted by Pete On 06/11/24 At 11:23 AM

Categories: Security Blogs

Oracle Security Blog is 20 Years Old

Wed, 2024-10-30 21:46
I was just made aware by a friend that my Oracle security blog was 20 years old just recently. As its a big anniversary I think its worth a blog post to celebrate. The blog started on the 20th of....[Read More]

Posted by Pete On 30/10/24 At 03:04 PM

Categories: Security Blogs

Easily Locate Security Issues in your PL/SQL Code

Tue, 2024-10-29 09:06
We have just released version 2024 and we have added around 340 new checks to the analyser for PL/SQL to located PL/SQL security issues. We can identify a number of types of security issues in your PL/SQL that includes: Use....[Read More]

Posted by Pete On 29/10/24 At 12:54 PM

Categories: Security Blogs

Compare the Database Security of Oracle Database 11g, 12c, 18c, 19c, 21c and 23c/ai

Thu, 2024-10-24 19:06
We have recently added around 750 new checks to our Oracle database scanner PFCLScan for our new version 2024 release that can be used to locate security issues in any Oracle database. We now have around 2000 security checks that....[Read More]

Posted by Pete On 24/10/24 At 12:48 PM

Categories: Security Blogs

Oracle TDE and Oracle ACE and Website

Thu, 2024-10-03 12:26
Firstly I was very pleased to announce that I have been made an Oracle ACE Pro again for the year to come. I just received the Oracle ACE tee shirt, polo shirt, jacket and of course the ACE Certificate. The....[Read More]

Posted by Pete On 03/10/24 At 10:44 AM

Categories: Security Blogs

What Should you do if your Oracle Database is Hacked or Breached?

Thu, 2024-09-19 18:46
It has been a while since my last blog post as we have been incredibly busy here with customers work, new versions of our products and from a personal point of view moving house. I just got an email from....[Read More]

Posted by Pete On 19/09/24 At 12:27 PM

Categories: Security Blogs

Passwords in Scripts and Environment Variables

Wed, 2024-08-28 18:06
There was a post a few days ago on LinkedIn by Johannes Michler about easily passing passwords to adop via a shell script when patching E-Business Suite. This script sets the password for the E-Business Suite APPS user, SYSTEM and....[Read More]

Posted by Pete On 28/08/24 At 09:24 AM

Categories: Security Blogs

Would you Pay to Speak at a Conference?

Wed, 2024-08-28 18:06
I was approached by a lady on LinkedIn a few weeks ago to ask me if I would speak at a conference in another country. I said that I was interested and asked for more details and importantly do they....[Read More]

Posted by Pete On 28/08/24 At 09:24 AM

Categories: Security Blogs

Searching Base64 Encoded text for a clear text string

Mon, 2024-08-12 19:26
I had an issue to solve where I needed to find if some base64 encoded text included a clear text string which was of course encoded in the source data. I needed to search hundreds of XML files where some....[Read More]

Posted by Pete On 12/08/24 At 07:50 AM

Categories: Security Blogs

Write An Interpreter in PL/SQL - Adding More Features

Thu, 2024-08-01 10:06
Just a short post about the PL/SQL parser and interpreter that I have been developing. As I have said in recent posts I am going to release a set of articles about the development of this interpreter in PL/SQL. I....[Read More]

Posted by Pete On 01/08/24 At 01:01 PM

Categories: Security Blogs

Can We Remove IF Statements from PL/SQL?

Fri, 2024-07-26 07:46
I like PL/SQL and I am always playing around with it or writing tools for use in security audits in PL/SQL or trying to do things that are not normal with PL/SQL such as writing an interpreter. One thing I....[Read More]

Posted by Pete On 26/07/24 At 09:22 AM

Categories: Security Blogs

Protect Your PL/SQL

Wed, 2024-07-24 19:06
Do you develop PL/SQL? Is your Oracle PL/SQL protected? My name is Pete Finnigan and in the next few minutes I will show you how you can protect you PL/SQL investment from theft. We can: Stop people stealing your ideas....[Read More]

Posted by Pete On 23/07/24 At 03:14 PM

Categories: Security Blogs

Extreme PL/SQL - An Interpreter for a Simple Language

Wed, 2024-07-17 22:26
I talked at a high level a few weeks ago about Extreme PL/SQL and gave a brief look at an interpreter I have been creating for a simple language based on BASIC. I have been keeping notes in a Word....[Read More]

Posted by Pete On 17/07/24 At 12:00 PM

Categories: Security Blogs

Can we Add C Style Pointers to PL/SQL?

Fri, 2024-06-28 21:26
In my last blog on Extreme PL/SQL I mentioned pointers in PL/SQL. PL/SQL does not support pointers or dynamic memory management in the same way that we can write in C code. In C code we can define a variable....[Read More]

Posted by Pete On 28/06/24 At 09:03 AM

Categories: Security Blogs

Can we Hack an Oracle APEX Application?

Wed, 2024-06-26 14:26
I talked recently about securing APEX and the different security angles that should be considered when securing data in application that is written using APEX and hosted in an Oracle database. There are multiple attack vectors from a web based....[Read More]

Posted by Pete On 28/05/24 At 09:35 AM

Categories: Security Blogs

Extreme PL/SQL

Wed, 2024-06-26 14:26
It has been a while since my last blog post here. I have not abandoned blogging. Over the last year and more I have blogged regularly and this is reflected in my Oracle ACE Pro contributions this last year. I....[Read More]

Posted by Pete On 25/06/24 At 10:04 AM

Categories: Security Blogs

Can We Add New Language Features to PL/SQL?

Wed, 2024-05-15 14:06
This is a thought experiment really but is possible to do with some efforts and in a more targeted way. I have coded in PL/SQL for around 29 years and it is one of my favourite languages along with C....[Read More]

Posted by Pete On 08/05/24 At 11:20 AM

Categories: Security Blogs

Locate an Error in Wrapped PL/SQL

Mon, 2024-03-18 08:46
I had a conversation a few weeks ago with someone who asked me how to find a missing table when you have a wrapped PL/SQL file and cannot see the source code and you install it and it gives an....[Read More]

Posted by Pete On 18/03/24 At 01:00 PM

Categories: Security Blogs

Pages