The NoSQL ecosystem thrived on combining scalability and simplicity. That often meant taking short cuts around security and this legacy is still haunting many products. This talk uses Elasticsearch as an example and covers both the technical background as well as anecdotal evidence of past incidents. Finally, we also discuss …
The Database Security Assessment Tool (DBSAT) is one of the most-downloaded Oracle database utilities, and at the same time one of the easiest to use. Pedro Lopes, Product Manager for DBSAT covers what is new in DBSAT version 2.0.1, how DBSAT can be used to find unnecessary risk in your …
This session covers an innovative new way to enforce application data access security directly in the database, eliminating data security risks. Current three-tier models implement authorization logic in the application code, so it’s impossible to control access from other applications accessing the same tables or tools/users connecting directly to the …
Sheeri Cabral, Senior DB Admin/Architect at Mozilla, make a presentation about MySQL security. All the aspects of MySQL security are presented in this talk: backup access, encryption, network access, access to operating systems and logs, etc.
Identifying the input vectors of the target application is a primordial step during vulnerability assessment or penetration testing. This article explains how to people can attempt SQL injection in your database through HTTP Headers and discusses which vulnerability scanners tools to choose for testing SQL injection.
This presentation about the myths and fallacies of SQL injection presents the best practices of defense against top web security issue. The most massive crime of identity theft in history was perpetrated in 2007 by exploiting an SQL Injection vulnerability. This issue is one of the most common and most …
