Difference between revisions of "Category:OWASP Oracle Project"

From OWASP
Jump to: navigation, search
(New page: The OWASP Oracle Project's goal is to enable administrator and developers using Oracle databases, frameworks or tooling to build secure applications efficiently. [edit] Oracle Security Ov...)
 
Line 1: Line 1:
 
The OWASP Oracle Project's goal is to enable administrator and developers using Oracle databases, frameworks or tooling to build secure applications efficiently.
 
The OWASP Oracle Project's goal is to enable administrator and developers using Oracle databases, frameworks or tooling to build secure applications efficiently.
  
[edit] Oracle Security Overview
+
==Oracle Security Overview==
  
Oracle Security for Architects
+
Why Oracle Security???
  
Oracle Security for Administrators
+
For Architects
 +
With Oracle now supporting the grid computing architecture, security has spread from one machine to several, which increases the chance on a vulnerability.
  
Oracle Security for Developers
+
For Administrators
 +
Oracle is not the fastest releaser of patches, but because of the complexity of most systems, also DBA's often take their time to patch the system, because they don't want to break a running application. Also Oracle is great at enabling a lot of features by default, if you don't know what they do and which you really need, you could have a lot more vulnerabilities than you could handle. A DBA simply needs to understand who is accessing their database and how it is done.
  
Oracle Security for Deployers
+
For Developers
 +
Legacy frameworks like Oracle Designer and Oracle Forms have built-in support for making a SQL injection, even when working in two tier. The newer framesworks (like ADF and Application Express) are meta-frameworks wich makes understanding what is going on, on a lower level, virtually impossible for most developers.
  
Oracle Security for Testers
+
For Deployers
 +
Since most DBA's are now unintended Web- and ASadministrators, their knowledgde is small and one-sided.
 +
 
 +
For Testers
 +
Even though the old Oracle products are well known and the newer ones are J2EE based, their possibilties are not that well documented, so finding vulnerabilities for most testers will be a lot harder than say a .net enviroment.

Revision as of 12:47, 24 June 2007

The OWASP Oracle Project's goal is to enable administrator and developers using Oracle databases, frameworks or tooling to build secure applications efficiently.

Oracle Security Overview

Why Oracle Security???

For Architects With Oracle now supporting the grid computing architecture, security has spread from one machine to several, which increases the chance on a vulnerability.

For Administrators Oracle is not the fastest releaser of patches, but because of the complexity of most systems, also DBA's often take their time to patch the system, because they don't want to break a running application. Also Oracle is great at enabling a lot of features by default, if you don't know what they do and which you really need, you could have a lot more vulnerabilities than you could handle. A DBA simply needs to understand who is accessing their database and how it is done.

For Developers Legacy frameworks like Oracle Designer and Oracle Forms have built-in support for making a SQL injection, even when working in two tier. The newer framesworks (like ADF and Application Express) are meta-frameworks wich makes understanding what is going on, on a lower level, virtually impossible for most developers.

For Deployers Since most DBA's are now unintended Web- and ASadministrators, their knowledgde is small and one-sided.

For Testers Even though the old Oracle products are well known and the newer ones are J2EE based, their possibilties are not that well documented, so finding vulnerabilities for most testers will be a lot harder than say a .net enviroment.

Pages in category "OWASP Oracle Project"

The following 6 pages are in this category, out of 6 total.