The Oracle Hacker's Handbook. Hacking and Defending Oracle



Similar documents
Strategic Analysis of the Impact of Big Data on the European and North American Automotive Industry

World Wireless Protocol Analyzers and Network Monitoring Systems

Analysis of the Global Enterprise Firewall Market

World Enterprise, Broadband, Mobile Video Transcoders Market

2015 U.S. Technical and Trade Schools Industry - Industry Report

U.S. Call Center Software Markets

BP p.l.c. (BP) Company Profile- Business Overview, Strategies, SWOT and Financial Analysis

A Project Manager's Book of Forms. A Companion to the PMBOK Guide. 2nd Edition

Individual Life Insurance in Indonesia to 2019: Market Databook

Global Big Data Analytics Market for Test and Measurement

Brochure More information from

"Personal Accident and Health Insurance Claims and Expenses in Morocco to 2018: Market Databook"

Jindal Steel & Power Ltd (JSPL) Company Profile- Business Overview, Key Strategies, Operations and SWOT

Strategic Global Sourcing Best Practices

Project Scheduling and Management for Construction. 4th Edition. RSMeans

'Personal Accident and Health Insurance Premiums and Claims in Australia to 2018: Market Brief' contains

IP VPN Market Forecast in India to 2016

Personal Accident and Health Insurance Investments in Russia to 2018: Market Databook

Excel 2013 Power Programming with VBA. Mr. Spreadsheet's Bookshelf

2005 Best Practices in Telephone Customer Service: A Call Center Benchmark Report (Full Report)

ZOHO Company Profile, focussing on CRM Activities

Personal Accident and Health Insurance Claims and Expenses in Belarus to 2016: Market Databook

Next Generation Enterprise Mobility Management Market Insight

'Personal Accident and Health Insurance Premiums and Claims in Kenya to 2018: Market Brief' contains

Global Multiple Sclerosis Epidemiology and Patient Flow Analysis

Forms 1099 & W-9 Update - Current Year IRS Information Reporting Form Guidelines - Recorded Webinar

Global Multiple Myeloma Epidemiology and Patient Flow Analysis

The Practical Guide to Project Management Documentation

Global Haemophilia Epidemiology and Patient Flow Analysis

Individual Life Insurance in Russia to 2016: Market Databook

Personal Accident and Health Insurance Claims and Expenses in South Africa to 2017: Market Databook

Non-Life Insurance Premiums and Claims in Georgia to 2017: Market Brief

Non-Life Insurance Premiums and Claims in Brazil to 2018: Market Brief

Public Cloud Computing Market for SMBs in India - Affordable Connectivity and Virtualization Technologies to Drive Adoption of Public Cloud

Global Physical Security Information Management Market Assessment

Mutual of Omaha Insurance Company - Strategic SWOT Analysis Review

Global Opioid Dependence Drugs Market Highlights

Global Big Data Analytics Market

U.S. Database Management System Software by Vertical Market

The Laboratory Quality Assurance System. A Manual of Quality Procedures and Forms. 3rd Edition

Europe Rheumatoid Arthritis Market Highlights

Analysis of the Brazilian Data Center Power Supplies Market

Analysis of the North American Automotive Wire and Cable Materials Market: Price-performance Index of Materials Will be Key in Driving Growth

Enterprise Service Bus (ESB) - Global Strategic Business Report

Strategic Analysis of Fleet Vehicle Leasing Market in Ireland

Trends and Opportunities in the UAE Life Insurance Industry to 2016: Market Profile

Cloud Infrastructure Testing and Cloud-based Application Performance Monitoring Market

Web Design. A Complete Introduction

General Dynamics Corporation - Mergers & Acquisitions (M&A), Partnerships & Alliances and Investment Report

Professional Alfresco. Practical Solutions for Enterprise Content Management

Effective Software Project Management

Saudi Cable Company Company Profile - Business Description, Strategies and SWOT Analysis

The Fundamentals of Organizational Behavior. What Managers Need to Know

Genesis Oil & Gas Consultants Ltd Company Profile - Business Description, Strategies and SWOT Analysis

Premiere Global Services, Inc. Company Profile - Business Description, Strategies, SWOT and Financial Analysis

Predictive Analytics for Human Resources. Wiley and SAS Business Series

Enbridge Energy Management, L.L.C. Company Profile - Business Description, Strategies and SWOT Analysis

VASCO Data Security International, Inc Company Profile - Business Description, Strategies, SWOT and Financial Analysis

Corinthian Colleges Inc. Company Profile - Business Description, Strategies, SWOT and Financial Analysis

Risk and Financial Management in Construction

Trends and Opportunities in Cambodia Personal Accident and Health Insurance Industry to 2017: Market Profile

Penetration Testing: Advanced Oracle Exploitation Page 1

General Cable Corporation - Mergers & Acquisitions (M&A), Partnerships & Alliances and Investment Report

Vulnerability Management (VM) - Global Market Analysis

Miclyn Express Offshore Limited Company Profile - Business Description, Strategies and SWOT Analysis

London Stock Exchange Group PLC Company Profile - Business Description, Strategies, SWOT and Financial Analysis

Project Manager's Spotlight on Change Management

Enterprise VoIP - Future Potential of the Indian Market for Managed VoIP Solutions

Global Big Data Storage and Server Market

Mangalore Electricity Supply Company LimitedCompany Profile - Business Description, Strategies and SWOT Analysis

Essentials of Working Capital Management. Essentials Series

Port of Melbourne CorporationCompany Profile - Business Description, Strategies and SWOT Analysis

North American Video Conferencing Hosted and Managed Services Market: Growing Amidst a Long-term Transition and Economic Turbulence

Insights into Big Data and Analytics in Brazil

North America Insurance Market Outlook to US Insurance Market Headstarting the Lost Momentum

Waste Management: Company Profile

Western European Storage Area Network (SAN) Market

EMR - Emerson Electric CoCompany Profile - Business Description, Strategies and SWOT Analysis

Global Privileged Identity Management Market

Chicago Bridge & Iron Company N.V. - Mergers & Acquisitions (M&A), Partnerships & Alliances and Investment Report

Brochure More information from

Code of Practice for Cyber Security in the Built Environment

Practical Database Programming With Visual C#.NET

Varma Mutual Pension Insurance Company - Mergers & Acquisitions (M&A), Partnerships & Alliances and Investment Report

European Enterprise Resource Management Software Markets

Transcription:

Brochure More information from http://www.researchandmarkets.com/reports/2251170/ The Oracle Hacker's Handbook. Hacking and Defending Oracle Description: Knowledge is power, and the power can be yours While Oracle continues to improve the security features of its product, it still has a long way to go. David Litchfield has devoted years to relentlessly searching out the flaws in this ubiquitous database system and creating defenses against them. Now he offers you his complete arsenal to assess and defend your own Oracle systems. Like The Shellcoder's Handbook and The Database Hacker's Handbook, this in depth guide explores every technique and tool used by black hat hackers to invade and compromise Oracle. It shows you how to find the weak spots and defend them. Without that knowledge, you have little chance of keeping your databases truly secure. - Discover how to deal with the security flaws revealed in the Oracle RDBMS - Explore some never before published forays into Oracle security holes and learn to defend them from attack - Learn why independent security assessments are not necessarily a guarantee of safety - See how Oracle 10g Release 2 has improved its security features and where the flaws remain - Take advantage of extensive and valuable code downloads on the companion Web site Visit our Web site at company website Contents: About the Author. Acknowledgments. Introduction. Code Samples from the Book. Oracle and Security. The Unbreakable Marketing Campaign. Independent Security Assessments. The Future. Chapter 1 Overview of the Oracle RDBMS. Architecture. Processes. The File System. The Network. Database Objects. Users and Roles. Privileges. Oracle Patching.

Chapter 2 The Oracle Network Architecture. The TNS Protocol. The TNS Header. Inside the Packet. Getting the Oracle Version. The Listener Version and Status Command. Using the TNS Protocol Version. Using the XML Database Version. Using TNS Error Text. Using the TNS Version TTC Function. Chapter 3 Attacking the TNS Listener and Dispatchers. Attacking the TNS Listener. Bypassing 10g Listener Restrictions. The Aurora GIOP Server. The XML Database. Chapter 4 Attacking the Authentication Process. How Authentication Works. Attacks Against the Crypto Aspects. Default Usernames and Passwords. Looking in Files for Passwords. Account Enumeration and Brute Force. Long Username Buffer Overflows. Chapter 5 Oracle and PL/SQL. What Is PL/SQL? PL/SQL Execution Privileges. Wrapped PL/SQL. Wrapping and Unwrapping on 10g.

Wrapping and Unwrapping on 9i and Earlier. Working without the Source. PL/SQL Injection. Injection into SELECT Statements to Get More Data. Injecting Functions. Injecting into Anonymous PL/SQL Blocks. The Holy Grail of PLSQL Injection. Investigating Flaws. Direct SQL Execution Flaws. PL/SQL Race Conditions. Auditing PL/SQL Code. The DBMS ASSERT Package. Some Real World Examples. Exploiting DBMS CDC IMPDP. Exploiting LT. Exploiting DBMS CDC SUBSCRIBE and DBMS CDC ISUBSCRIBE. PLSQL and Triggers. Chapter 6 Triggers. Trigger Happy: Exploiting Triggers for Fun and Profit. Examples of Exploiting Triggers. The MDSYS.SDO GEOM TRIG INS1 and SDO GEOM TRIG INS1 Triggers. The MDSYS SDO CMT CBK TRIG Trigger. The SYS.CDC DROP CTABLE BEFORE Trigger. The MDSYS.SDO DROP USER BEFORE Trigger. Chapter 7 Indirect Privilege Escalation. AHop, a Step, and a Jump: Getting DBA Privileges Indirectly. Getting DBA from CREATE ANY TRIGGER. Getting DBA from CREATE ANY VIEW. Getting DBA from EXECUTE ANY PROCEDURE. Getting DBA from Just CREATE PROCEDURE.

Chapter 8 Defeating Virtual Private Databases. Tricking Oracle into Dropping a Policy. Defeating VPDs with Raw File Access. General Privileges. Chapter 9 Attacking Oracle PL/SQL Web Applications. Oracle PL/SQL Gateway Architecture. Recognizing the Oracle PL/SQL Gateway. PL/SQL Gateway URLs. Oracle Portal. Verifying the Existence of the Oracle PL/SQL Gateway. The Web Server HTTP Server Response Header. How the Oracle PL/SQL Gateway Communicates with the Database Server. Attacking the PL/SQL Gateway. The PLSQL Exclusion List. Chapter 10 Running Operating System Commands. Running OS Commands through PL/SQL. Running OS Commands through Java. Running OS Commands Using DBMS SCHEDULER. Running OS Commands Directly with the Job Scheduler. Running OS Commands Using ALTER SYSTEM. Chapter 11 Accessing the File System. Accessing the File System Using the UTL FILE Package. Accessing the File System Using Java. Accessing Binary Files. Exploring Operating System Environment Variables. Chapter 12 Accessing the Network.

Data Exfiltration. Using UTL TCP. Using UTL HTTP. Using DNS Queries and UTL INADDR. Encrypting Data Prior to Exfiltrating. Attacking Other Systems on the Network. Java and the Network. Database Links. Appendix A Default Usernames and Passwords. Index. Ordering: Order Online - http://www.researchandmarkets.com/reports/2251170/ Order by Fax - using the form below Order by Post - print the order form below and send to Research and Markets, Guinness Centre, Taylors Lane, Dublin 8, Ireland.

Page 1 of 2 Fax Order Form To place an order via fax simply print this form, fill in the information below and fax the completed form to 646-607-1907 (from USA) or +353-1-481-1716 (from Rest of World). If you have any questions please visit http://www.researchandmarkets.com/contact/ Order Information Please verify that the product information is correct. Product Name: Web Address: Office Code: The Oracle Hacker's Handbook. Hacking and Defending Oracle http://www.researchandmarkets.com/reports/2251170/ SC Product Format Please select the product format and quantity you require: Hard Copy (Paper back): Quantity USD 98 + USD 28 Shipping/Handling * Shipping/Handling is only charged once per order. Contact Information Please enter all the information below in BLOCK CAPITALS Title: Mr Mrs Dr Miss Ms Prof First Name: Last Name: Email Address: * Job Title: Organisation: Address: City: Postal / Zip Code: Country: Phone Number: Fax Number: * Please refrain from using free email accounts when ordering (e.g. Yahoo, Hotmail, AOL)

Page 2 of 2 Payment Information Please indicate the payment method you would like to use by selecting the appropriate box. Pay by credit card: You will receive an email with a link to a secure webpage to enter your credit card details. Pay by check: Please post the check, accompanied by this form, to: Research and Markets, Guinness Center, Taylors Lane, Dublin 8, Ireland. Pay by wire transfer: Please transfer funds to: Account number 833 130 83 Sort code 98-53-30 Swift code IBAN number Bank Address ULSBIE2D IE78ULSB98533083313083 Ulster Bank, 27-35 Main Street, Blackrock, Co. Dublin, Ireland. If you have a Marketing Code please enter it below: Marketing Code: Please note that by ordering from Research and Markets you are agreeing to our Terms and Conditions at http://www.researchandmarkets.com/info/terms.asp Please fax this form to: (646) 607-1907 or (646) 964-6609 - From USA +353-1-481-1716 or +353-1-653-1571 - From Rest of World

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information