5 Days Left to Save $200 on SANS Miami 2016

NCIC & Awards 2012

Baltimore, MD | Wed, Oct 3 - Sun, Oct 7, 2012

Hacking Databases: Exploiting The Top Database Vulnerabilities And Misconfigurations

  • Josh Shaul, Chief Technology Officer, Application Security Inc.
  • Wednesday, October 3rd, 11:45am - 12:15pm

According to the Identity Theft Resource Center, in the past year and a half, there have been close to 900 breaches and over 28,000,000 records compromised. With groups like Anonymous and LulzSec continuously hacking into major corporations and government agencies, do you wonder if you're next?

No organization, industry, or government agency is immune to the proliferation of complex attacks and malicious behavior. Ensuring database security is a priority for organizations interested in protecting sensitive data and passing audits.

Over the course of this presentation, a description of some of the sophisticated methods used in invading enterprise databases will be discussed, and the evolution of the security issues and features in each will be provided. A demonstration of popular attacks will also be presented.

The presentation will conclude by proposing essential steps IT managers can take to securely configure, maintain databases, and defend against malicious breaches entirely. Attendees will leave with a basic understanding of the most effective methods for protecting their data, an enterprise's most prized asset, from attackers today and in the future.

Attendees will:

  • Learn how organizations, through an integrated defense strategy, can effectively manage their database risks across large, heterogeneous database environments with automated controls
  • Understand the common vulnerabilities and misconfigurations used to attack databases
  • Methodologies and best practices on how to implement actionable plans to protect enterprise database assets

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • Vendor: Events hosted by external vendor exhibitors.
Wednesday, October 3
Session Speaker Time Type
Automating the 20 Critical Controls with a Full Life Cycle Security and Compliance Program Andrew Wild, CSO, Qualys and Wolfgang Kandek, CTO, Qualys Wednesday, October 3rd, 1:30am - 2:30am Vendor Event
SCAP Sync Mark Haase, Sr. Security Software Engineer, Lunarline, Inc. Wednesday, October 3rd, 2:15am - 2:45am Vendor Event
CM, CAG, Cloud: The Perfect Storm? Wednesday, October 3rd, 3:45am - 4:45am Vendor Event
Intelligence-Driven Security: Advanced Threat and Continuous Monitoring RSA Wednesday, October 3rd, 11:00am - 11:45am Vendor Event
Hacking Databases: Exploiting The Top Database Vulnerabilities And Misconfigurations Josh Shaul, Chief Technology Officer, Application Security Inc. Wednesday, October 3rd, 11:45am - 12:15pm Vendor Event
Thursday, October 4
Session Speaker Time Type
Beyond Continuous Monitoring, Multi-Layered Threat Detection and Response Rob Roy, Federal CTO, HP Enterprise Security Products Thursday, October 4th, 1:30am - 2:00am Vendor Event
The Impact of Hardware-Enhanced Security David Marcus, Director, Advanced Research & Threat Intelligence, McAfee Thursday, October 4th, 2:15am - 3:15am Vendor Event
Security Intelligence Made Easy Usman Choudhary, Senior Director of Engineering, NetIQ Thursday, October 4th, 11:00am - 11:30am Vendor Event
Advanced Situational Awareness (ASA) Tom Kellermann, VP of Cyber Security, Trend Micro Thursday, October 4th, 11:45am - 12:15pm Vendor Event