Hackproofing Oracle EBusiness Suite
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a comprehensive security analysis of Oracle's eBusiness Suite in this Black Hat conference talk. Delve into the vulnerabilities discovered by David Litchfield, including unauthenticated remote code execution flaws, SQL injection vulnerabilities, and Cross Site Scripting bugs. Learn about the weaknesses in both 11.5 and 12.x versions, with demonstrations of exploit techniques. Discover methods to secure eBusiness Suite implementations against these attacks, covering topics such as trusted.conf, PL/SQL Gateway, HR UTIL DISP WEB, and SYSTEM.AD_APPS PRIVATE. Gain insights into protecting large corporate systems using this widely-deployed product, and participate in a Q&A session to address specific security concerns.
Syllabus
Intro
Who Am I?
eBusiness Suite Overview
eBusiness Suite components
eBusiness Suite Vulnerabilities
Some 11.5 Issues
trusted.conf
PL/SQL Gateway
HR UTIL DISP WEB
display_fatal errors
Attack Sequence
ORACLESSWA
RUNFUNCTION
Arbitrary SQL
Some 12.x Issues
Many ways to skin a cat
JSP forwards
Auxiliary Inject Functions 1/2
Executing SQL as SYS
SQL Injection in SYSTEM.AD_APPS PRIVATE
Securing 12.x and 11.5
Specific to Securing 11.5
Securing eBusiness Suite
Questions?
Taught by
Black Hat
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network