Hacking and Securing Oracle

Alexander Kornbrust (Red-Database-Security), Sumit Siddharth (7safe)


USA 2011 Weekend Training Session //July 30-31


This two-day hands-on course will teach the audience about the security problems related to Oracle databases. The training covers a variety of security problems arising from flaws such as insecure design, insecure features/packages, insecure PL/SQL code, patch management, weak passwords, etc. The second day will focus on securing and hardening databases using built-in Oracle features along with a number of externally available scripts and tools. Implementing auditing solutions will also be part of the training. The audience will have access to an infrastructure with a number of Oracle components deployed, and they will be encouraged to identify/exploit/patch security vulnerabilities as they learn about them. The training will give software developers an understanding of how to write secure PL/SQL code, DBAs an understanding of how to audit the database thoroughly, and penetration testers an understanding of how to break the unbreakable Oracle.

What to bring:

A working laptop with the following hardware/software requirements:

  • Windows operating system running either natively or as a VMware image
  • Wireless-enabled laptop with at least 2 GB of free space, a USB port or bootable CD/DVD drive, and VMware Player installed
  • Students should have administrative access/privileges on the laptop for installing software.


  • Knowledge of relational databases.
  • Knowledge of penetration testing will be an advantage but is not essential.

What you get

Students will be provided with the following:

  • Comprehensive study material describing Oracle security. This will either be a printout of slides or will be in the form of a book.
  • Access to a CD with a collection of tools needed for auditing/hacking/securing Oracle.
  • Test scripts shown in demonstrations and lectures.
  • Access to a special 7safe mailing list where they can ask questions and share information.


Alexander Kornbrust is the founder of Red-Database-Security, a company specialized in Oracle security. He provides Oracle security audits, security training and consulting to customers worldwide. Alexander has audited 2000+ Oracle instances over the last years. He is also the co-author of the book "SQL Injection Attacks and Defense".

Alexander has worked with Oracle since 1992, and his specialties are the security of Oracle databases and secure software architectures. In the last 7 years Alexander has reported more than 420 security bugs to Oracle and has given various presentations at security conferences like Black Hat, Defcon, Bluehat, HITB,...

Sumit Siddharth (sid) works as a Principal Security Consultant for 7safe in the UK. He specializes in web application and database security. Sid has been a speaker at many international conferences such as Black Hat, Defcon, OWASP, Troopers, Sec-T, etc. He has reported a number of security flaws in Oracle and is known as one of the top Oracle security researchers. Sid holds the prestigious CREST certification and also runs the popular IT security blog www.notsosecure.com.
