NoSQL Fight for Security

The NoSQL ecosystem thrived on combining scalability and simplicity. That often meant taking short cuts around security and this legacy is still haunting many products. This talk uses Elasticsearch as an example and covers both the technical background as well as anecdotal evidence of past incidents. Finally, we also discuss current and future steps to …

NoSQL Fight for Security Read More »

Enforce Application Security in Databases with Oracle Real Application Security

This session covers an innovative new way to enforce application data access security directly in the database, eliminating data security risks. Current three-tier models implement authorization logic in the application code, so it’s impossible to control access from other applications accessing the same tables or tools/users connecting directly to the database. With the current fragmented …

Enforce Application Security in Databases with Oracle Real Application Security Read More »

MySQL Security

Sheeri Cabral, Senior DB Admin/Architect at Mozilla, make a presentation about MySQL security. All the aspects of MySQL security are presented in this talk: backup access, encryption, network access, access to operating systems and logs, etc.

SQL Injection through HTTP Headers

Identifying the input vectors of the target application is a primordial step during vulnerability assessment or penetration testing. This article explains how to people can attempt SQL injection in your database through HTTP Headers and discusses which vulnerability scanners tools to choose for testing SQL injection.

SQL Injection Myths & Fallacies

This presentation about the myths and fallacies of SQL injection presents the best practices of defense against top web security issue. The most massive crime of identity theft in history was perpetrated in 2007 by exploiting an SQL Injection vulnerability. This issue is one of the most common and most serious threats to web application …

SQL Injection Myths & Fallacies Read More »