Enforce Application Security in Databases with Oracle Real Application Security

This session covers an innovative new way to enforce application data access security directly in the database, eliminating data security risks. Current three-tier models implement authorization logic in the application code, so it’s impossible to control access from other applications accessing the same tables or tools/users connecting directly to the database. With the current fragmented …


MySQL Security

Sheeri Cabral, Senior DB Admin/Architect at Mozilla, gives a presentation about MySQL security. The talk covers all aspects of MySQL security: backup access, encryption, network access, access to operating systems and logs, etc.

SQL Injection through HTTP Headers

Identifying the input vectors of the target application is a fundamental step during vulnerability assessment or penetration testing. This article explains how people can attempt SQL injection in your database through HTTP headers and discusses which vulnerability scanner tools to choose for testing SQL injection.

SQL Injection Myths & Fallacies

This presentation about the myths and fallacies of SQL injection presents best practices for defending against this top web security issue. The most massive crime of identity theft in history was perpetrated in 2007 by exploiting an SQL injection vulnerability. This issue is one of the most common and most serious threats to web application …


Advanced MySQL Exploitation

This talk focuses on how MySQL SQL injection vulnerabilities can be used to gain remote code execution in LAMP and WAMP environments. Attackers performing SQL injection on a MySQL platform must deal with several limitations and constraints. For example, the lack of multiple statements in one query makes MySQL an unpopular platform for remote …
