Penetration Testing mailing list archives
New Book about Oracle Database security by Alexandr Polyakov [DSecRG]
From: Alexandr Polyakov <alexandr.polyakov () dsec ru>
Date: Mon, 3 Aug 2009 15:35:26 +0400
In july 2009 Alexandr Polyakov from DsecRG released new book about Oracle security Oracle Security from the Eye of the auditor: Attack and Defence" http://dsec.ru/about/articles/oracle_security_book/ This book is the first book about oracle security written by Russian researcher. Book is based at extensive authors practice in security audit, penetration testing, business applications security analysis and researching. From this book you can get information about: Attacking Listener Attacking Application server Username and Password guessing SID Guessing Privilege escalation using different many methods Many real examples from latest CPU's Description of finding vulnerabilities and writing exploits Alternative and 2-stage privilege escalations Finding a critical data in database Different ways to get access to OS Oracle Rootkits Secure Database configuration Oracle Audit and forensics Compliance with standards (PCI DSS) I would like to thank all peoples who write about Oracle security such as Pete Finnigan, Alexander Kornbrust, David Litchfield, Paul Wright and Slavik Markovich for his researching. Alexandr Polyakov is a lead IT security auditor of Digital Security. Expert in enterprise applications and database security, found a lot of vulnerabilities in products of such vendors like SAP, Oracle and many others. Author of many whitepapers about IT security and particularly about application security. Alexander is one of the contributors of <a href="http://pcidss.ru/">PCIDSS.RU</a>, and a well-known expert in business applications security, founded a lot of vulnerabilities in SAP and Oracle products. <p>You can buy this book in the <a href="http://www.ozon.ru/context/detail/id/4561748/">internet-shop</a> (Russian version)</p>] Polyakov Alexandr Chief Information Security Analyst ______________________ DIGITAL SECURITY phone: +7 812 703 1547 +7 812 430 9130 e-mail: a.polyakov () dsec ru www.dsec.ru www.dsecrg.com www.pcidss.ru ----------------------------------- This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient any use, distribution, copying or disclosure is strictly prohibited. If you have received this message in error, please notify the sender immediately either by telephone or by e-mail and delete this message and any attachment from your system. Correspondence via e-mail is for information purposes only. Digital Security neither makes nor accepts legally binding statements by e-mail unless otherwise agreed. ----------------------------------- ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- New Book about Oracle Database security by Alexandr Polyakov [DSecRG] Alexandr Polyakov (Aug 03)