Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

New Book about Oracle Database security by Alexandr Polyakov [DSecRG]

From: Alexandr Polyakov <alexandr.polyakov () dsec ru>
Date: Mon, 3 Aug 2009 15:35:26 +0400
In july 2009 Alexandr Polyakov from DsecRG released new book about Oracle security Oracle Security from the Eye of the 
auditor: Attack and Defence"

http://dsec.ru/about/articles/oracle_security_book/

This book is the first book about oracle security written by Russian researcher.
Book is based at extensive authors practice in security audit, penetration testing,
business applications security analysis and researching.

From this book you can get information about:

Attacking Listener
Attacking Application server
Username and Password guessing
SID Guessing
Privilege escalation using different many methods 
Many real examples from latest CPU's
Description of finding vulnerabilities and writing exploits
Alternative and 2-stage privilege escalations
Finding a critical data in database
Different ways to get access to OS
Oracle Rootkits
Secure Database configuration
Oracle Audit and forensics
Compliance with standards (PCI DSS)


I would like to thank all peoples who write about Oracle security such as Pete Finnigan, Alexander Kornbrust,
 David Litchfield, Paul Wright and Slavik Markovich for his researching.


Alexandr Polyakov is a lead IT security auditor of Digital Security. Expert in enterprise applications and database 
security,
found a lot of vulnerabilities in products of such vendors like SAP, Oracle and many others.
Author of many whitepapers about IT security and particularly about application security.
Alexander is one of the contributors of  <a href="http://pcidss.ru/";>PCIDSS.RU</a>,
and a well-known expert in business applications security, founded a lot of vulnerabilities in SAP and Oracle products.


<p>You can buy this book in the <a href="http://www.ozon.ru/context/detail/id/4561748/";>internet-shop</a> (Russian 
version)</p>]





Polyakov Alexandr
Chief Information Security Analyst
______________________
DIGITAL SECURITY
phone:  +7 812 703 1547
        +7 812 430 9130
e-mail: a.polyakov () dsec ru  
www.dsec.ru
www.dsecrg.com
www.pcidss.ru

-----------------------------------
This message and any attachment are confidential and may be privileged or otherwise protected 
from disclosure. If you are not the intended recipient any use, distribution, copying or disclosure 
is strictly prohibited. If you have received this message in error, please notify the sender immediately 
either by telephone or by e-mail and delete this message and any attachment from your system. Correspondence 
via e-mail is for information purposes only. Digital Security neither makes nor accepts legally binding 
statements by e-mail unless otherwise agreed. 
-----------------------------------      


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: