Oracle Database Security Audit with Pete Finnigan, 19-20 May, Sarajevo May 18, 2010

This course teaches the delegates how to confidently perform a security audit on an Oracle database. The course gets the delegates up to speed on the reasons Oracle databases are invariably insecure. Everyone is brought up to the same level in terms of where to look, what to look for and why. The course shows how a security audit is planned, how to prepare yourself for it, your staff and your environments. The course is aimed at the fundamentals of how to review a database and why and does not focus on simply running tools. It is important to understand why something is an issue, to understand how to check that its an issue and importantly understand the implications in respect to your own databases and applications before using pre-built or commercial tools.
The course is up to date using all supported versions of Oracle from 9iR2 through Oracle 11g.

Objectives:

* Understand why an Oracle database and application may have been configured insecurely
* Understand why and how hackers can attack a database
* Enable the participant to think like a hacker and better understand how to secure a database
* Enable the participant to plan an audit and implement all of the ground work to carry out an audit
* Enable the participant to perform a security audit using the basic principals applied manually
* Understand how to assess the data gathered during an audit and locate and correct the issues
* Fully document the audit process and present the results to management

Topics:

* Lesson 1 - Start From The Beginning
* Lesson 2 - Information And Exploits
* Lesson 3 - Planning And Starting The Audit
* Lesson 4 - Interview, Base Data And Users
* Lesson 5 - Operating System And Network
* Lesson 6 - Database Configuration
* Lesson 7 - Specialist Considerations
* Lesson 8 - Writing Up The Audit

Official Website: http://cli.gs/AD6V2g