SANS @Night

Future Trends in Network Security
- Speaker: Eric Cole
- Monday, August 11
- 7:00pm - 8:00pm

Malicious code and other attacks are increasing in intensity and the damage that they cause. With little time to react, organizations have to become more proactive in their security stance. Reactive security will no longer work. Therefore, organizations need to better understand what the future trends, risks, and threats are so that they can be better prepared to make their organizations as secure as possible. Dr. Cole's in-depth, cross-industry experience allows him to give relevant examples in every instance. This presentation covers security issues that are relevant to IT managers and administrators alike.

Things That Go Bump In The Network: Embedded Device (In)Security
- Paul Asadoorian
- Wednesday, August 13
- 8:00pm - 9:00pm

Paul Asadoorian will discuss an area of rapidly growing risk from embedded devices. As these devices become ubiquitous, the risks continue to grow. Common devices from iPhones to Linksys routers are vulnerable to attacks which can compromise your data. Most do not realize unique opportunities for attackers to do damage and gain access to your network, and most importantly your information. This talk will focus primarily on common embedded device vulnerabilities. Paul will stroll down memory lane and review some of the vulnerabilities that have been released for embedded devices, how we can use them to gain control of the device, the network, and more importantly the data traveling across it. Example devices will include printers, mobile devices, Wireless Routers, and network-based cameras including live hacking demonstrations!

'The Tao of SQL'
(Beyond Command-line Kung Fu)
- Speaker: Greg Owen
- Thursday, August 14
- 7pm - 8pm

Simple SQL databases can be a powerful tool for IT Security and Administration users. Tasks that normally require complex command line Kung Fu may be faster and simpler using SQL queries, and involve less repetitive work in the bargain. This presentation will banish the preconception that databases require extensive setup, maintenance and expertisel; as well as demonstrating how databases can be used in command line or scripting tasks to make work easier.

Practical Security Testing Through Fuzzing
- Speaker: Josh Wright
- Thursday, August 14
- 8pm - 9pm

Software fuzzing is a growing field that has uncovered a wealth of security vulnerabilities. With increased emphasis from the research community and from vendors seeking to capitalize on the fuzzing market, this technique for identifying vulnerabilities is showing no signs of slowing.

Despite the many advantages of fuzzing, few organizations take advantage of this technique to improve the security of product and systems. In this presentation, SANS instructor Joshua Wright will demonstrate several fuzzing tools and identify the many advantages organizations can gain by integrating fuzzing in their pen-testing and defensive processes.