There are a few other good sources on the internet. 

o - otn has some reasonably good papers on security of both the e RDBMS and the application server. 

o - I wrote a simple "scanner" for security focus last year that looks for some basic issues - see http://online.securityfocus.com/infocus/1522 

o - check out a presentation and a good white paper on Aaron Newmans site at http://www.appsecinc.com about security on Oracle 

o - check out Dave Litchfields paper on hackproofing the application server - it includes some RDBMS issues as well, at http://www.nextgenss.com/papers/hpoas.pdf 

o - you can also download Oracle security tools from both of these sites free for trial use for a limited time. 

o - check out www.securityfocus.com - there are a few papers, check also www.sans.org - see http://rr.sans.org/appsec/oracle.php and http://rr.sans.org/appsec/oracle_db.php and http://rr.sans.org/appsec/final.php - each of them refeernces varoius other sources. 

o - search out google, there are a few good papers out there, not many check lists, i have only seen o ne before that was a good start, i cannot remember the URL though. 

I hope the above helps a bit. 

kind regards 

Pete Finnigan 

pete@peterfinnigan.demon.co.uk 
pete@petefinnigan.com 

http://www.petefinnigan.com 

http://online.securityfocus.com/infocus/1522 - "A simple Oracle Security 
Scanner" 

http://downloads.securityfocus.com/library/oracle-security.pdf - "Exploiting and 
protecting Oracle" 
 
Contributors :  Heaton Geoff 
Mehta Prerak 
finnigan pete