Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Oracle Data Redaction is Broken

Black Hat via YouTube

Overview

Explore the vulnerabilities in Oracle's data redaction service, introduced in Oracle 12c, through this Black Hat conference talk. Learn how the service, designed to protect sensitive data like PII, can be bypassed by attackers, potentially leading to privilege escalation. Delve into the history of Oracle security issues, examine the implementation flaws, and discover multiple attack vectors that compromise the redaction feature. Understand the implications for PCI compliance and data encryption. Compare Oracle's approach to Microsoft's, and gain insights into Oracle's internal processes and documentation practices. Discover practical strategies to protect against these vulnerabilities and critically evaluate the effectiveness of Oracle's data redaction service in real-world scenarios.

Syllabus

Introduction
Who am I
History
Launching External Procedures
Oracles Fix
Backend Bypass
Patches
Oracle vs Microsoft
Oracle Data Redaction
Why Redaction
How it works
XML query vulnerability
Updating a column
Brute force
Common Criteria
Protection Profile
Data is not changed
Is it useful
PCI compliance
Data encryption
How do I protect against this
Oracles internal processes
Its not rocket science
No documentation
Oracle Fusion Media Pack

Taught by

Black Hat

Reviews

Start your review of Oracle Data Redaction is Broken

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.