Artwork

İçerik Black Hat and Jeff Moss tarafından sağlanmıştır. Bölümler, grafikler ve podcast açıklamaları dahil tüm podcast içeriği doğrudan Black Hat and Jeff Moss veya podcast platform ortağı tarafından yüklenir ve sağlanır. Birinin telif hakkıyla korunan çalışmanızı izniniz olmadan kullandığını düşünüyorsanız burada https://tr.player.fm/legal özetlenen süreci takip edebilirsiniz.
Player FM - Podcast Uygulaması
Player FM uygulamasıyla çevrimdışı Player FM !

Pete Finnigan: How to Unwrap Oracle PL/SQL

53:53
 
Paylaş
 

Manage episode 153984281 series 1109074
İçerik Black Hat and Jeff Moss tarafından sağlanmıştır. Bölümler, grafikler ve podcast açıklamaları dahil tüm podcast içeriği doğrudan Black Hat and Jeff Moss veya podcast platform ortağı tarafından yüklenir ve sağlanır. Birinin telif hakkıyla korunan çalışmanızı izniniz olmadan kullandığını düşünüyorsanız burada https://tr.player.fm/legal özetlenen süreci takip edebilirsiniz.
PL/SQL is the flagship language used inside the Oracle database for many years and through many versions to allow customers to implement their business rules and logic. Oracle has recognized that it is necessary for customers to protect their intellectual property coded in PL/SQL and has provided the wrap program. The wrapping mechanism has been cracked some years ago and there are unwrapping tools in the black hat community. Oracle has beefed up the wrapping mechanism in Oracle 10g to in part counter this. What is not common knowledge amongst the user community is that PL/SQL code installed in the database is not secure and can be read if you are in possession of an unwrapper. What is not common knowledge even in the security community is that Oracle always knew that PL/SQL can be unwrapped due to the methods chosen to wrap it in the first place, what is more surprising is that there are features and programs actually shipped with the database software that show how it is possible to unwrap PL/SQL without using reverse engineering techniques-if you know where to look! Pete Finnigan is well known in the Oracle community for hosting his Oracle security website, www.petefinnigan.com, which includes a whole raft of Oracle security information from blogs, forums, tools, papers and links. He is also the author of the "SANS Oracle Security Step-By-Step" guide book, he is also the author of the SANS GIAC Oracle security course. Pete currently works for Siemens Insight Consulting as head of their database security team performing security audits, training, design and architecture reviews. He has also written many useful Oracle security scripts and password lists available from his website and has also written many papers on the subject published by many different sites including Security Focus and iDefence. Pete is also a member of the OakTable a group of the world’s leading Oracle researchers."
  continue reading

86 bölüm

Artwork
iconPaylaş
 
Manage episode 153984281 series 1109074
İçerik Black Hat and Jeff Moss tarafından sağlanmıştır. Bölümler, grafikler ve podcast açıklamaları dahil tüm podcast içeriği doğrudan Black Hat and Jeff Moss veya podcast platform ortağı tarafından yüklenir ve sağlanır. Birinin telif hakkıyla korunan çalışmanızı izniniz olmadan kullandığını düşünüyorsanız burada https://tr.player.fm/legal özetlenen süreci takip edebilirsiniz.
PL/SQL is the flagship language used inside the Oracle database for many years and through many versions to allow customers to implement their business rules and logic. Oracle has recognized that it is necessary for customers to protect their intellectual property coded in PL/SQL and has provided the wrap program. The wrapping mechanism has been cracked some years ago and there are unwrapping tools in the black hat community. Oracle has beefed up the wrapping mechanism in Oracle 10g to in part counter this. What is not common knowledge amongst the user community is that PL/SQL code installed in the database is not secure and can be read if you are in possession of an unwrapper. What is not common knowledge even in the security community is that Oracle always knew that PL/SQL can be unwrapped due to the methods chosen to wrap it in the first place, what is more surprising is that there are features and programs actually shipped with the database software that show how it is possible to unwrap PL/SQL without using reverse engineering techniques-if you know where to look! Pete Finnigan is well known in the Oracle community for hosting his Oracle security website, www.petefinnigan.com, which includes a whole raft of Oracle security information from blogs, forums, tools, papers and links. He is also the author of the "SANS Oracle Security Step-By-Step" guide book, he is also the author of the SANS GIAC Oracle security course. Pete currently works for Siemens Insight Consulting as head of their database security team performing security audits, training, design and architecture reviews. He has also written many useful Oracle security scripts and password lists available from his website and has also written many papers on the subject published by many different sites including Security Focus and iDefence. Pete is also a member of the OakTable a group of the world’s leading Oracle researchers."
  continue reading

86 bölüm

Tüm bölümler

×
 
Loading …

Player FM'e Hoş Geldiniz!

Player FM şu anda sizin için internetteki yüksek kalitedeki podcast'leri arıyor. En iyi podcast uygulaması ve Android, iPhone ve internet üzerinde çalışıyor. Aboneliklerinizi cihazlar arasında eş zamanlamak için üye olun.

 

Hızlı referans rehberi