Appreciation of Oracle Security

Course description

This course is a one-day seminar that gives the delegates an appreciation of what is involved in securing the Oracle database platform and also securing data in an Oracle database. The class starts the day with the basics: what is security and what is data security? We go on to discuss why your data leaks and is insecure before examining some sample exploits and techniques used by attackers. We then cover the basics of Oracle security: good design, data domains, data security and user security. We continue with a discussion of secure coding as well as audit trail design and how to deal with an incident or forensic analysis. We complete the day by looking at policy creation, the tools and options available, and defining a strategy.

Course goals

The aim of the class is for students to get an appreciation of where the risks lie in the processing and use of data in their organisation's Oracle databases. The goal is to lay out all of the major problem areas and also possible solutions. The students will cover:

  • How data is stolen and stored weakly in an Oracle database
  • How to plan for data security and to develop and create a data security policy
  • How to focus your efforts on securing the right data using the right solutions

Course Pre-Requisites

The class is intended for DBAs, developers, security professionals, IT management and anyone involved in deploying, developing and maintaining Oracle databases. No detailed technical knowledge of Oracle databases is necessary in advance.

Course Material

The student will receive a URL to download a zip file that includes:

  • The course notes as PDF files
  • Free PL/SQL tools and scripts
  • All of the examples used as SQL and PL/SQL scripts

Course Outline

This course is fast-paced and very interesting and is delivered by one of the most well-known experts in database security.

Introduction

  • What is Oracle Security?
  • What is data security?
  • Threats, risks, counter measures.
  • Pro-Active or Reactive?

Data Loss and Attacks

  • How does Oracle process your data?
  • What are the data issues that affect Security?
  • How do your decisions make your data insecure?
  • How do people attack your database and data?

The Basics

  • Design security, don’t make it up!
  • Data domains.
  • Data security.
  • User security.
  • Context based security.

Secure Coding

  • What is SQL Injection?
  • What other types of code attacks are there?
  • Secure coding techniques.

Design Audit Trails

  • Designing Audit Trails.
  • I want to know!
  • Options available.
  • Management.
  • Reporting and alerts.

Attacks and Forensics

  • Incident response approach and possible tools to use.
  • Where to find evidence?
  • What if I have no audit?
  • What to do next?

Choosing The Right Approach to Secure Your Databases

  • Creation of a Policy.
  • The security features of the Oracle database.
  • Additional cost options.
  • Third party options and products.
  • What if you do not license features?

Finishing Up

  • The journey today.
  • Automated testing and where to learn more.

About the instructor

Pete Finnigan created the SANS Oracle security step-by-step guide and the CIS Oracle benchmark, which is used by NIST, the USA DoD and more as a reference for securing Oracle databases. Pete worked out the mechanisms that Oracle used to protect PL/SQL and showed how they can be easily defeated at the Black Hat conference in Las Vegas in 2006. Pete has published multiple books on database security and speaks and publishes papers regularly. His company also produces the tool PFCLScan, used to protect Oracle databases.

Duration

The class is one day, 12.30 to 20.00 pm, and is instructor-led with some demonstrations.

Location

Promennt, Skeifan 11b, 108 Reykjavík

Price

The price for the course is ISK 89,500 (roughly €720). If you also want to attend the “Hardening and Securing Oracle” course the price for both is ISK 159,500 (roughly €1290).

This price includes the fee for the course, refreshments during breaks as well as the course material.

Register for Appreciation of Oracle security or register for this course and Hardening and securing Oracle.

Hardening and Securing Oracle

Course description

This course is a one-day seminar that teaches the delegates how to perform simple yet cost-effective security measures where appropriate in their databases. The single goal is to reduce the risk of attack, misuse and abuse of data held in their Oracle databases.

The class starts the day with a detailed penetration test of our sample database and its applications and shows how the database platform itself can be attacked as well as how data can be stolen or accessed in the database. The day goes on to harden the database in detail with lots of practical examples, and is completed by a re-test of the attacks to show how much more secure the database has become.

Course Goals

Most databases that are built are unfortunately designed with a bigger focus on performance, functionality and availability, with security being the poorer cousin. If you are charged with designing, building or managing an Oracle database then you must consider: what are the risks to the security and validity of “your data”? This class focuses on structured hardening and locking down of key data and key activities in your databases, with some free tools and examples to help you improve your skills in securing data in an Oracle database.

Course Pre-Requisites

The class is intended for DBAs and security professionals who should appreciate the techniques used to lock down and secure the database. Developers will also appreciate some of the code based techniques used in context-based security.

Course Material

The student will receive a URL to download a zip file that includes:

  • The course notes as PDF files.
  • Free PL/SQL tools and scripts.
  • All of the examples used as SQL and PL/SQL scripts.

Course Outline

This course is fast-paced and very interesting and is delivered by one of the most well-known experts in database security. The course outline is as follows:

Introduction

  • Where does lock down fit in the data security process?

Attack and Defence

  • Penetration testing of the database and applications.
  • Review design choices and consequences.
  • Review data leakage and consequences.
  • Analyse the results and Audit trails.

Hardening The Operating System and Network

  • What is hardening?
  • Operating system hardening.
    • Defaults, clean up, lock down, permissions.
  • Network hardening.
    • Defaults, listener.

Patching and Hardening the Database

  • Database Security patches and hardening.
  • Setting parameters.
  • Controlling privileges on code and objects.
  • Default users and functionality.

User based Security

  • User Analysis and account security.
  • Profile design.
  • Privilege analysis, separation and duplication.
  • DBA roles and access.
  • Third party and developer access.

Data and Context Based Security

  • Data access privileges.
  • Account provisioning.
  • Resource Access.
  • Context-based security and Break glass.

Strong Audit Solutions

  • Audit Levels and design.
  • Policy Based database Audit.
  • PFCLATK a toolkit.

Finishing Up

  • The journey today.
  • Hacking the demo system again.
  • Review.
  • Is it secure?
  • Do we detect attacks?

About the instructor

Pete Finnigan created the SANS Oracle security step-by-step guide and the CIS Oracle benchmark, which is used by NIST and the USA DoD and is a reference for securing Oracle databases. Pete worked out the mechanisms that Oracle used to protect PL/SQL and showed how they can be easily defeated at the Black Hat conference in Las Vegas in 2006. Pete has published multiple books on database security and speaks and publishes papers regularly. His company also produces the tool PFCLScan, used to protect Oracle databases.

Duration

The class is one day, 12.30 to 20.00 pm, and is instructor-led with some demonstrations.

Location

Promennt, Skeifan 11b, 108 Reykjavík.

Price

The price for the course is ISK 89,500 (roughly €720). If you also want to attend the “Appreciation of Oracle Security” course the price for both is ISK 159,500 (roughly €1290).

This price includes the fee for the course, refreshments during breaks as well as the course material.

Register for Hardening and securing Oracle or register for this course and Appreciation of Oracle security.

Building Desktop APEX Applications

Oracle Application Express – or APEX – is a powerful, supported, no-cost feature of the Oracle Database. With APEX, you can easily, quickly and securely build web applications that interact with data stored in your Oracle databases. Built on PL/SQL, APEX allows you to leverage much of your Oracle investment, as most of the PL/SQL-based business rules can remain “as is”, with little or no modification.

Both new developers and experienced Oracle veterans can find a new home with Oracle APEX, leveraging their existing talents, as well as learning new ones.

What you will learn

This 3-day course is an introduction to developing web applications using Oracle Application Express, or simply APEX. The course starts out with an overview of the data model of the application that students will build. It then transitions to the SQL Workshop portion of APEX, where basic database object management concepts are addressed.

The bulk of the remainder of the class focuses on building an APEX application, starting with the core components that make up the foundation of the application. Students will then build several forms and reports, which allow user interaction with the data. Next, additional types of forms and reports will be introduced, as well as more advanced techniques used when managing them. The course will conclude with a review of the basic security attributes of an application as well as how to prepare and deploy it to a production environment.

The general course outline is as follows:

  • SQL Workshop
    • Creating the Base Objects Using a Script
    • Altering Objects and Creating Functions Using a Script
    • Altering Objects Manually
    • User Interface Defaults
  • Creating the Base Application
    • The Create Application Wizard
    • Public Pages
    • Navigation Bar Entries
    • Global Pages
    • Breadcrumbs
    • Lists of Values
  • Forms, Reports & Lists
    • Admin Home Page
    • Form on a Table with Report
    • Tabular Forms
    • Modal Form & Dynamic Action
    • Lists
  • Advanced Forms, Reports and Pages
    • Card Report
    • Form w/DA Refresh
    • Multi-Functional Page
  • Reporting
    • Calendars
    • Interactive Reports
    • Charts
  • Security
    • Authentication
    • Conditional Security
    • Authorization Schemes
    • Read-Only Items
  • Deployment
    • Exporting and Importing Your Application

Target audience

This class is intended for Oracle database application developers and business users who wish to become proficient in building Oracle APEX applications. All skill levels are welcome, but the course is focused on an introductory level of instruction.

Required skills

No prior experience is required, but a basic background in Oracle Forms, PL/SQL, SQL, HTML and CSS will be beneficial.

Which versions are covered?

This course covers APEX 5.0; effort will be made to also address and demonstrate features from APEX 5.1.

About the speaker

Scott Spendolini is president & founder at Sumner Technologies, a world-class Oracle® services, education & solutions firm. Throughout his professional career, he has assisted a number of clients from various verticals with their Oracle APEX development and training needs. Spendolini is a long-time and regular presenter at many Oracle-related conferences, including Oracle OpenWorld, KScope, and RMOUG. He is a recipient of the Oracle Ace Director designation, author of Expert Oracle Application Express Security and co-author of Pro Oracle Application Express. Spendolini is also an Oracle Certified Oracle Application Express developer.

Prior to reigniting Sumner Technologies in 2015, Spendolini was an APEX Practice director at Accenture and Enkitec from June 2012 through April 2015. Before joining Enkitec as part of an acquisition, he co-founded and ran Sumneva and Sumner Technologies from 2005 through 2012, which focused on Oracle APEX services, education & solutions. Spendolini started his professional career at Oracle Corporation, where he worked with Oracle eBusiness Suite for almost 7 years and was a Senior Product Manager for Oracle APEX for just over three years. He holds a dual bachelor's degree from Syracuse University in Management Information Systems and Telecommunications Management and currently resides in Ashburn, Virginia with his wife and two children.

When is it planned

March 28th – 30th 2017.

Venue

Promennt, Skeifan 11b, 108 Reykjavík

Price

The price for the three-day course is ISK 269,500 (roughly €2,330).

This price includes the fee for the course, refreshments during breaks as well as the course material.

Email us at info@miracle.is for more information or register here.

Troubleshooting Oracle Performance

What do you do when your application isn’t running fast enough? You troubleshoot, of course. Finding the slow part of an application is often the easy part of the battle. It’s finding a solution that’s difficult. This seminar helps by providing a systematic approach to addressing the underlying causes of poor database application performance. The speaker freely shares his experience while explaining the underlying foundations of how the database engine executes SQL statements. You’ll be able to draw a solid foundation of theory and shared experience as you face head-on the performance challenges in your daily work.

What you will learn

This 2-day seminar is an introduction to diagnosing and resolving performance problems in database-backed applications involving Oracle Database. The content, which is based on the second edition of the book Troubleshooting Oracle Performance (Apress, 2014), introduces the basics of performance optimization and Oracle Database and also shows you how to do the following:

  • Identify performance problems using a systematic and repeatable approach.
  • Obtain and interpret execution plans as well as assess whether they are inefficient.
  • Apply SQL optimization techniques such as hints, stored outlines, SQL profiles and SQL plan baselines.
  • Optimize data access and joins.

Target audience

The seminar is intended for application developers, database administrators, and performance analysts who want to improve their skills in troubleshooting performance problems in applications using Oracle Database.

Required skills

No specific knowledge in performance optimization is required. However, readers are expected to have a working knowledge of Oracle Database and to be proficient with SQL.

Which versions are covered?

The most important concepts covered in the seminar are independent of the version of Oracle Database you’re using. It’s inevitable, however, that when details about the implementation are discussed, some information is version-specific. This seminar explicitly discusses the following versions:

  • Oracle Database 11g Release 2, up to and including version 11.2.0.4.0
  • Oracle Database 12c Release 1, up to and including version 12.1.0.2.0
  • Oracle Database 12c Release 2, version 12.2.0.1.0

About the speaker

Since 1995, Christian Antognini has focused on understanding how the Oracle Database engine works. His main interests include logical and physical database design, the query optimizer and basically everything else related to application performance management. He is currently working as a senior principal consultant and trainer at Trivadis in Zürich, Switzerland.

If Christian is not helping one of his customers get the most out of Oracle Database, he is somewhere lecturing on application performance management or new Oracle Database performance features. In addition to classes and seminars organized by Trivadis, he regularly presents at conferences and user-group meetings. He is a proud member of the OakTable Network and an Oracle ACE Director. Christian is the author of Troubleshooting Oracle Performance (Apress, 2008/2014) and the co-author of Der Oracle DBA (Hanser, 2011/2016).

When is it planned

29-30 May 2017

Venue

The exact location will be announced later but we can tell you that the event will take place in Reykjavík, Iceland.

Price

The price for the two-day course is ISK 179,500 (roughly €1,490).

This price includes the fee for the course, refreshments during breaks as well as a copy of the book Troubleshooting Oracle Performance (Apress, 2014).

Email us at info@miracle.is for more information.