Jeff Smith's latest blog post (18.1 Features: SQL Injection Detection), about a small but nice SQL Developer feature that detects whether your PL/SQL code might be vulnerable to SQL Injection, reminded me of the presentation I delivered during the Oracle Tutorials at CERN in 2013.
After all those years, SQL Injection is still one of the biggest security threats to your data, so even after 5 years the content of this presentation is still valid. In fact, Injection attacks in general were still at the top of the OWASP Top 10 Application Security Risks in 2017.
So, please have a look at the presentation here: Oracle Database Security For Developers. It contains examples of different types of SQL Injection attacks (starting from slide 31; the most interesting example, SQL Injection without providing any inputs, is on slide 47). Apart from that, it also gives introductory information about the Oracle security model in general, which should be helpful not only for developers planning to write tons of PL/SQL code on a daily basis. Enjoy!