SANS InfoSec Reading Room - Application/Database Sec
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.
Featuring 32 papers as of Dec 2, 2008
Achieving PCI Compliance with Log Management
SenSage - July 2008
Closing Internal User Visibility and Data Governance Gaps with PacketMotion
PacketMotion - April 2008
Understanding and Selecting a Database Activity Monitoring Solution
Guardium, Imperva, Secerno, Sentrigo, & Tizor - April 2008
- Web Based Attacks
- Justin Crist
- January 4, 2008

- Analyzing Attack Surface Code Coverage
- Justin Seitz
- November 14, 2007

- Forensic Analysis of a SQL Server 2005 Database Server
- Kevvie Fowler
- September 28, 2007

- Automated Scanning of Oracle 10g Databases
- Rory McCune
- August 7, 2007

- Using Oracle Forensics to determine vulnerability to Zero Day exploits
- Paul Wright
- February 28, 2007

- Security in Sun Java System Application Server Platform Edition 8.0
- Sid Ansari
- June 29, 2005

- Web Browser Insecurity
- Paul Asadoorian
- June 2, 2005

- Application Firewalls: Don't Forget About Layer 7
- Russell Eubanks
- May 17, 2005

- Reining in the LAN client
- David Monaco
- February 25, 2005

- Securing SQL Connection String
- Dmitry Dessiatnikov
- April 8, 2004

- Assessing Vendor Application Security A Practical Way to Begin
- Barton Hubbs
- April 8, 2004

- Application Development Technology and Tools: Vulnerabilities and threat management with secure programming practices, a defense in-depth approach
- Vilas Ankolekar
- December 13, 2003

- SQL Server 2000: Permissions on System Tables Granted to Logins Due to the Public Role
- K Brian Kelley
- December 13, 2003

- Service Account Vulnerabilities
- Barbara Guhanick
- October 31, 2003

- Source Code Revelation Vulnerabilities
- Christopher Short
- October 31, 2003

- Database - The Final Firewall
- Brian Suddeth
- October 31, 2003

- An Approach to Application Security
- Ian Rathie
- October 31, 2003

- Distributed Object Technology: Security Perspective
- Subbu Cherukuwada
- October 31, 2003

- Making Your Network Safe for Databases
- Duane Winner
- October 31, 2003

- Web Application Security for Managers
- Pierre de la Brassinne
- October 31, 2003

- Distributed Systems Security: Java, CORBA, and COM+
- April L. Moreno
- October 31, 2003

- Security Scenarios in Analysis and Design
- Dwight A. Haworth
- October 31, 2003

- Framework for Secure Application Design and Development
- Chris McCown
- October 31, 2003

- Security for a CRM environment
- Jason LaFrance
- October 31, 2003

- Securing Server Side Java
- William Rushmore
- October 31, 2003

- Deploying a Secure Web Application: From a Coding Perspective
- Jaime Spicciati
- October 31, 2003

- J.D. Edwards Security using RBAC
- Scott Gordee
- October 31, 2003

- Securing End User Active Server Page Applications on an Intranet
- Bob Bohn
- October 31, 2003

- SQL Server Email - vulnerability issues and prevention strategies
- Frank Ress
- October 31, 2003
