I just published the first half of a two-part series over at Database Journal called Eight Ways to Hack Oracle.
The article is really an overview of vulnerabilities in the core database product and how to protect against them. Part one covers SQL injection, a way of putting malformed entries into a web page in order to trick the application into running your query. This can be very dangerous, and is a lot more common than you might think. Next we cover default passwords. Those are obvious, right? Except you’d be surprised how many there are, and how much of a pest they turn out to be. Then we talk about brute-force methods to get into the database, and how effective they are. And lastly we speak about sneaking information out of the database, and how it can be done.
In part two of the series we cover listener vulnerabilities and privilege escalation, which allows some of those underprivileged, default-password accounts like scott/tiger to become extremely useful. Lastly we hit on operating system and filesystem vulnerabilities, and how to protect against them.