Date: Tuesday, October 21st
Time: 6pm - Networking/Pizza & 6:30pm - Presentation
Sponsor: Sentrigo
Refreshments: Pizza/Soda
Giveaways: TBD
Topic: Presenting a new angle on a popular attack vector on databases: SQL Injection.
We will describe types and techniques of SQL Injection attacks on both RDBMS-based web applications and built-in database stored program units, and show how simple SQL Injection can be used to own the database server by means of privilege escalation.
We will also list ways of preventing SQL Injection attacks, ranging from secure coding practices to various external tools that alert on and prevent SQL Injection attempts, and demonstrate how hacker evasion techniques can be used to subvert them.
Finally, we will introduce new deep inspection tools for Microsoft SQL Server that can prevent SQL injection, even in zero-day scenarios.
Take away points:
- How SQL Injection attacks work
- Secure coding practices
- Existing tools for SQL Injection prevention and techniques to evade them
- New resilient technologies that solve SQL injection entirely, even injections exploiting zero-day vulnerabilities
Presenter: Todd P. DeSantis
Bio: Todd DeSantis brings a wealth of technical knowledge and a passion for using technology to better society to his position as lead North American Sales Engineer at Sentrigo. With a background in computer science from Worcester Polytechnic Institute, Todd has been using his understanding of computer programming and database systems throughout his career. At Sentrigo, Todd is striving to bring a higher level of database security and safety to the enterprise. Prior to Sentrigo, Todd successfully helped Fortune 50 companies rethink data access paradigms with Endeca Technologies. Todd started his career at Enerjy Technologies, where he helped organizations improve overall levels of Java code quality and visibility. In his spare time, Todd, an avid audiophile, enjoys working toward creating the 'absolute sound' with hi-fi audio systems, and enjoys many different genres of music.