Oracle Database Security Audit Training Cource
This course teaches the delegates how to confidently perform a security audit on an Oracle database.
The course has been designed by Pete Finnigan and is up to date using all supported versions of Oracle from 9iR2 through Oracle 11g. The course gets the delegates up to speed on the reasons Oracle databases are invariably insecure. Everyone is brought up to the same level in terms of where to look, what to look for and why. The course shows how a security audit is planned, how to prepare yourself for it, your staff and your environments.
The course is aimed at the fundamentals of how to review a database and why and does not focus on simply running tools. It is important to understand why something is an issue, to understand how to check that its an issue and importantly understand the implications in respect to your own databases and applications before using pre-built or commercial tools.
The course is run on your own site and is over two days and includes the following topics:
Background to key database files, structures, configurations and files relative to security.
Oracle security tools, checklists and more .
Why audit an Oracle database .
Exploiting Oracle, SQL Injection, configuration, escalation of privilege and more.
Planning an audit .
Setting up for an audit, gathering tools, prepping laptop, people, access.
Starting the audit .
Software installed, versions and attack surface.
Enumerating users, password strength and more.
Assessing users, privileges and RBAC.
Auditing the Oracle database association with the file system.
Audit Oracle networking.
Audit the database configuration.
Specialist considerations, Credit cards, personally identifiable data and more.
Review the audit trail.
Data analysis, vulnerability assessment.
Document findings, develop a policy and deciding what to fix.
A look at some of the automated tools.
«ISSP Training Room»: Ukraine, Kyiv, 24 Poliova str., room №6
For more information and registration support contact Daryna Galata (email@example.com, (044) 393 15 66)