SQL Injection Oracle Security Paper By Pete Finnigan

I've just come across Pete Finnigan's website, where he's put together an excellent set of links through to Oracle security papers written by himself and other third parties. One particularly interesting paper is on Detecting SQL Injection In Oracle, a bit of a 'hot topic' these days, summed up as:

"SQL Injection is a way to attack the data in a database through a firewall protecting it. It is a method by which the parameters of a Web-based application are modified in order to change the SQL statements that are passed to a database to return data. For example, by adding a single quote (') to the parameters, it is possible to cause a second query to be executed with the first."

Some other useful papers available on the site include "An Introduction To Simple Oracle Auditing", "Exploiting And Protecting Oracle", and "A Simple Oracle Security Scanner". Pete specializes in Oracle Security and offers a detailed security audit of Oracle databases, details of which are on the website homepage.