Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Hackproofing Oracle EBusiness Suite

Black Hat via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore a comprehensive security analysis of Oracle's eBusiness Suite in this Black Hat conference talk. Delve into the vulnerabilities discovered by David Litchfield, including unauthenticated remote code execution flaws, SQL injection vulnerabilities, and Cross Site Scripting bugs. Learn about the weaknesses in both 11.5 and 12.x versions, with demonstrations of exploit techniques. Discover methods to secure eBusiness Suite implementations against these attacks, covering topics such as trusted.conf, PL/SQL Gateway, HR UTIL DISP WEB, and SYSTEM.AD_APPS PRIVATE. Gain insights into protecting large corporate systems using this widely-deployed product, and participate in a Q&A session to address specific security concerns.

Syllabus

Intro
Who Am I?
eBusiness Suite Overview
eBusiness Suite components
eBusiness Suite Vulnerabilities
Some 11.5 Issues
trusted.conf
PL/SQL Gateway
HR UTIL DISP WEB
display_fatal errors
Attack Sequence
ORACLESSWA
RUNFUNCTION
Arbitrary SQL
Some 12.x Issues
Many ways to skin a cat
JSP forwards
Auxiliary Inject Functions 1/2
Executing SQL as SYS
SQL Injection in SYSTEM.AD_APPS PRIVATE
Securing 12.x and 11.5
Specific to Securing 11.5
Securing eBusiness Suite
Questions?

Taught by

Black Hat

Reviews

Start your review of Hackproofing Oracle EBusiness Suite

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.