DbProtect AppRadar Filters™ - 23 March 2007
Oracle Cursor Injection Attack
A new exploitation technique for Oracle SQL injection attacks was
presented at the BlackHat Federal conference in Washington, D.C. in 2007. It
consists of cursors created specifically for injection into functions,
procedures, etc. that are vulnerable to SQL injection. This technique makes
exploitation of Oracle SQL injection vulnerabilities easier, because the
attacker requires only CREATE SESSION privileges on the database if the
vulnerable function or procedure has public permissions.
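
The low privilege bar described above depends on vulnerable code being executable by PUBLIC. As an added example (not part of the original notice or of the DbProtect AppRadar Filters), this data-dictionary query inventories that exposure for review. It assumes SELECT access to the DBA_ views, and the review_priority labels are constructed for illustration.

```sql
-- Added example: inventory stored code that every session can execute.
-- Assumption: run by an account with SELECT on DBA_TAB_PRIVS, DBA_OBJECTS,
-- DBA_PROCEDURES and DBA_ROLE_PRIVS.
-- Definer-rights code (AUTHID = 'DEFINER') runs with its owner's privileges,
-- so a SQL injection flaw in it is exposed to any user who can log in.
SELECT DISTINCT
       o.owner,
       o.object_name,
       o.object_type,
       p.authid,
       -- Constructed labels: HIGH when the owner is SYS or holds the DBA role.
       CASE
         WHEN o.owner = 'SYS' OR rp.grantee IS NOT NULL THEN 'HIGH'
         ELSE 'REVIEW'
       END AS review_priority
FROM   dba_tab_privs tp
JOIN   dba_objects o
       ON  o.owner       = tp.owner
       AND o.object_name = tp.table_name
       AND o.object_type IN ('FUNCTION', 'PROCEDURE', 'PACKAGE')
JOIN   dba_procedures p
       ON  p.owner       = o.owner
       AND p.object_name = o.object_name
LEFT JOIN dba_role_privs rp
       ON  rp.grantee      = o.owner
       AND rp.granted_role = 'DBA'
WHERE  tp.grantee   = 'PUBLIC'
AND    tp.privilege = 'EXECUTE'
AND    p.authid     = 'DEFINER'
ORDER  BY review_priority, o.owner, o.object_name;
```

Objects that do not need to be callable by every account are candidates for revoking EXECUTE from PUBLIC; the rest are the ones to keep patched and monitored.
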
DbProtect AppRadar, a solution that provides continuous database activity monitoring,
helps to manage and reduce this risk throughout the patch management
life-cycle. Application Security, Inc. publishes DbProtect AppRadar Filters to
specifically monitor for this new exploitation technique.
Downloading and Applying Filters in DbProtect AppRadar
Please adhere to the following instructions to import this file into DbProtect AppRadar:
(1) Import the Oracle Cursor Injection Attack focused monitoring Filters
(2) Add the Filters to the appropriate Policies
(3) Redeploy the Policies to the databases
More detailed instructions can be found here.