Enrich your conference experience!
Evening talks given by our faculty and selected subject matter experts
help you broaden your knowledge, get the most for your training dollar,
and hear from the voices that matter in computer security.
SANS @Night
SALSA: Scalable & Agile Lifecycle Security for Applications
- Jonathan Ham
- Saturday, November 8 * 7:30pm - 8:30pm
"Help! Our development team is trapped in an endless cycle of death march application development. Our security team is trapped in an endless mode of crisis management. How can we break out of these traps, and start building secure applications in a sustainable way?"
SALSA is designed to be compatible with your existing development methodology, so that you don't have to fight the "methodology fight" to make a difference for your team. You don't need to be in charge, and you don't need to change everything at once. If you're a developer on a team, you can begin to make a difference. Learn about the SALSA approach to building secure applications, and help spread the word. SALSA is free, and can be implemented with a variety of tools, including free open source tools as well as some very fine commercial tools. The SALSA approach isn't a crusade; it is a set of practical recommendations that will help your team.
SQL Injection and My Oracle Database
- Tanya Baccam
- Sunday, November 9 * 7:00pm - 8:30pm
External attackers are always a concern, and this is no different for Oracle databases that exist within the environment. When an externally facing application accesses data from a backend Oracle database, this presents multiple potential vulnerabilities that can impact the database. One of those vulnerabilities is SQL injection. During this presentation, we will explore ways to test for SQL injection vulnerabilities, as well as different ways attackers can exploit and leverage SQL injection vulnerabilities against Oracle databases. We will also explore methods to defend against SQL injection.
If you want more in-depth information on Oracle, sign up for SEC509 :: Securing Oracle.
Visualization of Network Attacks
- Eric Conrad
- Monday, November 10 * 7:00pm - 8:00pm
Eric Conrad will show you how to cut through the clutter by leveraging
the latest network and information security visualization techniques.
As the old saying goes, a picture is worth a thousand words: are
undiscovered malicious trends and connections buried in megabytes of
logs? Bring order to the chaos through the power of network attack
visualization. DAVIX, the open source data analysis and visualization
live CD, will be used to illustrate real-world examples which will show
security engineers and managers how to visualize their own threats.