Development and Tools
Friday, 18. October 2019., 15:25
This is a 45 minute session that is an expansion to “Holistic Database Security” presentation that will help you secure your high performance code from sql injection attacks.We will examines common errors in pl/sql that leads to sql injection attacks. This session will define the sql injection attack vector and various ways to write code that is immune to sql injection and improve the performance of your code.-We will be covering a code architecture that separate data from code that also helps trace bottlenecks.-We will be covering Oracle PL/SQL 12C features that limit access paths to data thereby implementing part of the trusted path.-We will be covering other PL/SQL features from before 12C that help to ensure your pl/sql does what you expect it to do.- We will covering how to handle errors in your code. One of the first thing an attacker will try to generate is error messages to learn about your system. These error messages can tell the attacker what database and version you are running, and is their sql injection attack properly constructed.