Oracle Database Application Security

1. Front Matter

   Pages i-xvii

   PDF

2. Encryption

   • Osama Mustafa, Robert P. Lockard

   Pages 1-45

3. Audits

   • Osama Mustafa, Robert P. Lockard

   Pages 47-74

4. Privilege Analysis

   • Osama Mustafa, Robert P. Lockard

   Pages 75-123

5. Oracle Database Threats

   • Osama Mustafa, Robert P. Lockard

   Pages 125-166

6. Network Access and Evaluation

   • Osama Mustafa, Robert P. Lockard

   Pages 167-195

7. Secure Coding and Design

   • Osama Mustafa, Robert P. Lockard

   Pages 197-244

8. Single Sign-On

   • Osama Mustafa, Robert P. Lockard

   Pages 245-331

9. Back Matter

   Pages 333-341

   PDF

Focus on the security aspects of designing, building, and maintaining a secure Oracle Database application. Starting with data encryption, you will learn to work with transparent data, back-up, and networks. You will then go through the key principles of audits, where you will get to know more about identity preservation, policies and fine-grained audits. Moving on to virtual private databases, you’ll set up and configure a VPD to work in concert with other security features in Oracle, followed by tips on managing configuration drift, profiles, and default users. 


Shifting focus to coding, you will take a look at secure coding standards, multi-schema database models, code-based access control, and SQL injection. Finally, you’ll cover single sign-on (SSO), and will be introduced to Oracle Internet Directory (OID), Oracle Access Manager (OAM), and Oracle Identity Management (OIM) by installing and configuring them to meet your needs. 


Oracle databases hold the majority of the world’s relational data, and are attractive targets for attackers seeking high-value targets for data theft. Compromise of a single Oracle Database can result in tens of millions of breached records costing millions in breach-mitigation activity. This book gets you ready to avoid that nightmare scenario.


What You Will Learn

• Work with Oracle Internet Directory using the command-line and the console 
• Integrate Oracle Access Manager with different applications 
• Work with the Oracle Identity Manager console and connectors, while creating your own custom one 
• Troubleshooting issues with OID, OAM, and OID
• Dive deep into file system and network security concepts 

Who This Book Is For


Oracle DBAs and developers. Readers will need a basic understanding of Oracle RDBMS and Oracle Application Server to take complete advantage of this book.

• security
• OIM
• OAM
• OID
• database
• audit
• encryption
• network
• SSO

• Amman, Jordan

  Osama Mustafa

• Baltimore, USA

  Robert P. Lockard

Osama Mustafa is a database specialist, an Oracle ACE Director, Certified Oracle Professional (10g, 11g), Certified Ethical Hacker and Sun System Administrator. Osama currently works as an Oracle Instructor in the Middle East. He also works on troubleshooting and the implementation of database projects. He spends his free time on Oracle OTN forums and publishes many articles, including Oracle database articles, on his blog.

Robert P. Lockard is an Oracle ACE Director, a professional Oracle DBA, designer, developer, and project manager with more than three decades of experience. For the past twenty years he has worked as an independent consultant providing quality services to his customers at a reasonable price. Robert has worked in financial intelligence tracking money laundering, terrorist money, and identity theft. He has also worked in the cyber crimes arena tracking attacks on information systems. He specializes in evaluating and securing your Oracle database environment from threats both external and internal.

Policies and ethics