Presentations - Corrupting Ancient Spirits - Penetration Testing Oracle Forms

"Oracle Forms, a component of Oracle Fusion Middleware, is Oracle's long-established technology to design and build enterprise applications quickly and efficiently". With its history going back before the days of the web, Oracle Forms includes a number of seemingly unconventional solutions. Since the assumtions that modern tools are built around don't hold in case of this framework, testing and debugging Oracle Forms applications is generally considered as a hard task by developers and security testers alike. No wonder that - despite the vendors efforts - large institutions still rely on now obsolete versions of the framework. This talk will describe the communication protocol and the custom encryption scheme implemented by Oracle Forms and discuss the problems they introduce. The audience will then be guided through the design and implementation of a new approach for test Oracle Forms based applications with todays tools. Finally we will see if our shiny new gadgets can find some bugs that have been hiding for so long!


Sponsors:

Gold
Gold
Gold
Silver
Silver
Silver
Silver
Silver
Silver
Bronze
JOB
Technical