Oracle Corporation
|
|
- Toby Simmons
- 8 years ago
- Views:
Transcription
1 Oracle Corporation
2 Hackers and Hacking. Demonstration 2. SQL Injection Hacks Stuart Sharp, Information Security Sales Consultant, Oracle Oracle Corporation Insert Information Protection Policy Classification from Slide 18
3 Demo Session 2 - Agenda SQL Injection Hacking. What is it? Example SQL Injection Hacks. Demonstration Questions A Real World Example. Heartland Payments. DB Firewall Architecture. DB Firewall Demonstration. Questions Oracle Corporation
4 SQL Injection - What is it? Relational Database Model based upon an independence of client connection to DB *. Broadly speaking 3 types of client connections. Custom built application connections. Packaged application connections. 3rd Party Tools. SQL Injection Hackers exploit application vulnerabilities to introduce rogue SQL for their own ends. * Not just Oracle! Oracle Corporation
5 SQL Injection - Why is it so important? If they get access to your corporate databases - Hackers win BIG! Credit Cards are Important - but what about IPR? Client side SQL checks are typically weak. Application Roles - are just within the application Connection Pooling Code generating SQL unknown to customers You don t know, what you don t know? Oracle Corporation
6 SQL Injection - Setting the Scene for the demo The demo you are about to see illustrates the problem To do this succinctly we have prepared some example SQL statements which will be injected via text fields on an example web form. These could also arise from within the other types of connections mentioned. Also could be rogue connections established by hacker clients who had written their own application Oracle Corporation
7 Demo Environment Web + Application Servers Application Web UI Database Server Oracle Corporation
8 SQL Injection Hacks Demonstration Oracle Corporation Insert Information Protection Policy Classification from Slide 18
9 4 Example SQL Injection Hacks 1. Personal information breached - bypassing application record security 2. Errors - Application database user revealed - incorrect number of result columns - incorrect data type 3. Excessive privileges - Database user credentials leaked - application user with dba or select_catalog_role 4. Data at risk - Payment card details stolen - union with sensitive table Oracle Corporation
10 SQL Injection. The Basic Principle 1. Exploit unfiltered user input - e.g. use (single quote) to close field 2. Manipulate SQL SELECT name FROM customers where id=234 becomes SELECT name FROM customers where id=234 OR 1=1 3. Return unauthorized records 1=1 is true for all records Oracle Corporation
11 SQL Injection Hack 1 1. Personal information breached - bypassing application record security select a.userid, a.firstname, a.lastname, where upper(a.department) = 'ENGINEERING and upper(a.lastname) like Smith%' becomes: select a.userid, a.firstname, a.lastname, where upper(a.department) = 'ENGINEERING and upper(a.lastname) like Smith ' OR 1=1 -- % ** RETURNS ALL RECORDS Oracle Corporation
12 SQL Injection Hack 2 2. Errors - Application Database User revealed - incorrect number of result columns java.sql.sqlexception: ORA-01789: query block has incorrect number of result columns - incorrect data type java.sql.sqlexception: Fail to convert to internal representation **ERROR MESSAGES TELL YOU WHAT IS WRONG Oracle Corporation
13 SQL Injection Hack 3 3. Excessive privileges. Database user credentials leaked The database user has dba or select_catalog_role roles ' UNION SELECT '1', osuser, username from v$session -- ** ACCESSING SYSTEM LEVEL INFORMATION Oracle Corporation
14 SQL Injection Hack 4 4. Data at risk - Payment card details stolen A union with a sensitive table ' UNION SELECT '1', name, cardnumber, from ORDERS -- ** BIG WIN! ALL CREDIT CARD NUMBERS RETURNED Oracle Corporation
15 SQL Injection Variants 1. Data Extraction 2. Blind Injection 3. Out-of-Browser (OOB) Applications 4. Heavy Queries 5. Privilege Escalation 6. OS Code Execution 7. PL/SQL Injection Oracle Corporation
16 SQL Injection Summary 1. Root causes: Incorrectly filtered escape characters Incorrect type handling Excessive privileges for application user 2. Hackers Win BIG! 25% of attacks, 89% of stolen records 3. What s at stake: Customer data Financial and business information Control of entire corporate network Oracle Corporation
17 Questions Oracle Corporation
18 Real World Example. Heartland Payment Systems Oracle Corporation Insert Information Protection Policy Classification from Slide 18
19 Real World Example Heartland Payment Systems 1. In the top 10 credit card payment processing companies worldwide 2. New Jersey-based Jan 2009, announced that it had been the victim of a security breach within its processing system in Attack went undetected for months 5. Stolen data included digital information encoded onto magnetic strip on credit/debit cards 6. Company was PCI-compliant at the time of the attack 7. Attack involved an American and several Russians, and lead to a US Federal court case Oracle Corporation
20 How 130M Credit Cards Were stolen 1. Attack via SQL Injection through bespoke webapplication 2. Attacker owns compromised database connected to corporate network 3. Undetectable malware commissioned and installed to sniff secure payment network 4. Malware collected card details packaged and regularly sent home 4 1 Corporate Perimeter Customer Facing Web-application Low Security Web App High Security Application Corporate Network 3 Internal Application Users Secure Card System Low Security Database Malware High Security Card Database Oracle Corporation
21 Oracle DB Firewall. Derrick Hodnett, Information Security Pre Sales Manager Oracle Corporation Insert Information Protection Policy Classification from Slide 18
22 SQL Injection - How do you fix the problem? You need a white list based approach. Profile your SQL traffic Gain a picture of normal usage This allows suspect SQL traffic to be highlighted You can then enforce correct policies You audit what is happening You review and revise your approach NO APPLICATION CODE CHANGES Oracle Corporation
23 Demo Environment Web + Application Servers Application Web UI Oracle Database Firewall Database Server Oracle Corporation
24 Oracle DB Firewall Architecture Oracle Corporation Insert Information Protection Policy Classification from Slide 18
25 Deployment Architecture Inbound SQL Traffic Applications In-Line Blocking and Monitoring Out-of-Band Monitoring HA Mode Management Server Policy Analyzer Network-based Monitoring and Enforcement Centralized Management and Reporting No changes to Applications or Databases required Software Appliance: Hardened Linux on Intel for security, flexibility, scalability Deployment Modes: In-Line, Out-of-Band, Proxy Oracle Corporation
26 Grammar-Based Clustering Accuracy and Understanding Use the same level of language power to detect SQL as to process it Performance Speed of lookup is constant in the number of SQL rules in the policy Security SQL injection and other dangerous SQL detected as anomalies Customer Example: Powerful Synopsis 450 million statements 450 rules auto-generated Oracle Corporation
27 Statement Substitution Log Applications Allow SELECT * FROM accounts Alert Becomes SELECT * FROM dual Substitutewhere 1=0 Block Application Database connection pools cannot be disconnected Unique graceful blocking achieved by substituting out-of-policy statement with predefined benign statement Database guaranteed protected from inappropriate statement whilst the network session remains open Oracle Corporation
28 Database Monitoring and Reporting Extensive built in Security and Compliance reports Can be modified and customized Database activity monitoring Blocked and alerted statements Supports demonstrating controls for PCI, SOX, HIPAA, etc. Logged SQL statements can be sanitized of sensitive PII data Oracle Corporation
29 Oracle DB Firewall Demonstration Oracle Corporation Insert Information Protection Policy Classification from Slide 18
30 4 Example SQL Injection Hacks - Revisited 1. Personal information breached - bypassing application record security 2. Errors - Application database user revealed - incorrect number of result columns - incorrect data type 3. Excessive privileges - Database user credentials leaked - application user with dba or select_catalog_role 4. Data at risk - Payment card details stolen - union with sensitive table Oracle Corporation
31 DB Firewall : Summary 1. Monitors SQL Traffic between Applications and Databases 2. Profile Normal Activity to Detect Suspicious Activity 3. Enforce Policy and Audit Behaviour Blocking SQL Injection Hacks Minimises Impact of Application Breaches 4. Auditing Privileged User Activity Access to Sensitive Data Independent of Application and Database Administrators Oracle Corporation
32 Questions Oracle Corporation
33 Oracle Corporation
34 Oracle Corporation
35 Oracle Corporation
<Insert Picture Here> Oracle Database Firewall: prvá línia obrany
1 Oracle Database Firewall: prvá línia obrany Iveta Šťavinová Technology Pre Sales Agenda What is Database Firewall Oracle Database Firewall Components and Deployment Modes Reporting
More informationAn Oracle White Paper January 2011. Oracle Database Firewall
An Oracle White Paper January 2011 Oracle Database Firewall Introduction... 1 Oracle Database Firewall Overview... 2 Oracle Database Firewall... 2 White List for Positive Security Enforcement... 3 Black
More informationAn Oracle White Paper January 2012. Oracle Database Firewall
An Oracle White Paper January 2012 Oracle Database Firewall Introduction... 2 Oracle Database Firewall Overview... 3 Oracle Database Firewall... 3 White List for Positive Security Enforcement... 4 Black
More informationOracle Audit Vault and Database Firewall. Morana Kobal Butković Principal Sales Consultant Oracle Hrvatska
Oracle Audit Vault and Database Firewall Morana Kobal Butković Principal Sales Consultant Oracle Hrvatska The following is intended to outline our general product direction. It is intended for information
More informationCopyright 2012, Oracle and/or its affiliates. All rights reserved.
1 Introducing Oracle Audit Vault and Database Firewall Billions of Database Records Breached Globally 97% of Breaches Were Avoidable with Basic Controls 98% records stolen from databases 84% records breached
More informationOracle Audit Vault and Database Firewall
Oracle Audit Vault and Database Firewall Angelo Maria Bosis Sales Consulting Director Oracle Italia Billions of Database Records Breached Globally 97% of Breaches Were Avoidable with
More informationHayri Tarhan, Sr. Manager, Public Sector Security, Oracle Ron Carovano, Manager, Business Development, F5 Networks
EXTENDING ACCESS WHILE ENHANCING CONTROL FOR YOUR ORGANIZATION S DATA LEVERAGE THE POWER OF F5 AND ORACLE TO DELIVER SECURE ACCESS TO APPLICATIONS AND DATABASES Hayri Tarhan, Sr. Manager, Public Sector
More informationOracle Database Security
Oracle Database Security Paul Needham, Senior Director, Product Management, Database Security Target of Data Breaches 2010 Data Breach Investigations Report Type Category % Breaches
More informationThe Need for Real-Time Database Monitoring, Auditing and Intrusion Prevention
Whitepaper The Need for Real-Time Database Monitoring, Auditing and Intrusion Prevention May 2007 Copyright Sentrigo Ltd. 2007, All Rights Reserved The Challenge: Securing the Database Much of the effort
More informationMySQL Security: Best Practices
MySQL Security: Best Practices Sastry Vedantam sastry.vedantam@oracle.com Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes
More informationHow DataSunrise Helps to Comply with SOX, PCI DSS and HIPAA Requirements
How DataSunrise Helps to Comply with SOX, PCI DSS and HIPAA Requirements DataSunrise, Inc. https://www.datasunrise.com Note: the latest copy of this document is available at https://www.datasunrise.com/documentation/resources/
More informationThe Top Web Application Attacks: Are you vulnerable?
QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions jburroughs@uk.ibm.com Agenda Current State of Web Application Security Understanding
More informationICTN 4040. Enterprise Database Security Issues and Solutions
Huff 1 ICTN 4040 Section 001 Enterprise Information Security Enterprise Database Security Issues and Solutions Roger Brenton Huff East Carolina University Huff 2 Abstract This paper will review some of
More information1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information
1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information Proteggere i dati direttamente nel database Una proposta tecnologica Angelo Maria Bosis Sales Consulting Senior Manager
More informationFor more information on SQL injection, please refer to the Visa Data Security Alert, SQL Injection Attacks, available at www.visa.
Global Partner Management Notice Subject: Visa Data Security Alert Malicious Software and Internet Protocol Addresses Dated: April 10, 2009 Announcement: The protection of account information is a responsibility
More informationGlobal Partner Management Notice
Global Partner Management Notice Subject: Critical Vulnerabilities Identified to Alert Payment System Participants of Data Compromise Trends Dated: May 4, 2009 Announcement: To support compliance with
More informationMcAfee Database Security. Dan Sarel, VP Database Security Products
McAfee Database Security Dan Sarel, VP Database Security Products Agenda Databases why are they so frail and why most customers Do very little about it? Databases more about the security problem Introducing
More informationB database Security - A Case Study
WHITE PAPER: ENTERPRISE SECURITY Strengthening Database Security White Paper: Enterprise Security Strengthening Database Security Contents Introduction........................................................................4
More informationThick Client Application Security
Thick Client Application Security Arindam Mandal (arindam.mandal@paladion.net) (http://www.paladion.net) January 2005 This paper discusses the critical vulnerabilities and corresponding risks in a two
More informationReal-Time Database Protection and. Overview. 2010 IBM Corporation
Real-Time Database Protection and Monitoring: IBM InfoSphere Guardium Overview Agenda Business drivers for database security InfoSphere Guardium architecture Common applications The InfoSphere portfolio
More informationSQL Injection. By Artem Kazanstev, ITSO and Alex Beutel, Student
SQL Injection By Artem Kazanstev, ITSO and Alex Beutel, Student SANS Priority No 2 As of September 2009, Web application vulnerabilities such as SQL injection and Cross-Site Scripting flaws in open-source
More informationAn Oracle White Paper April 2014. Oracle Audit Vault and Database Firewall
An Oracle White Paper April 2014 Oracle Audit Vault and Database Firewall Introduction... 2 Oracle Audit Vault and Database Firewall Overview... 3 Auditing and Monitoring Overview... 3 Audit Vault... 4
More informationAPPLICATION COMPLIANCE AUDIT & ENFORCEMENT
TELERAN SOLUTION BRIEF Building Better Intelligence APPLICATION COMPLIANCE AUDIT & ENFORCEMENT For Exadata and Oracle 11g Data Warehouse Environments BUILDING BETTER INTELLIGENCE WITH BI/DW COMPLIANCE
More informationSecurity Analysis. Spoofing Oracle Session Information
November 12, 2006 Security Analysis Spoofing Oracle Session Information OVERVIEW INTRODUCTION Oracle Database session information includes database user name, operating system user name, host, terminal,
More informationFINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES
Purpose: The Department of Information Technology (DoIT) is committed to developing secure applications. DoIT s System Development Methodology (SDM) and Application Development requirements ensure that
More informationWHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats
WHITE PAPER FortiWeb and the OWASP Top 10 PAGE 2 Introduction The Open Web Application Security project (OWASP) Top Ten provides a powerful awareness document for web application security. The OWASP Top
More informationEC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 619 Advanced SQLi Attacks and Countermeasures. Make The Difference CAST.
CENTER FOR ADVANCED SECURITY TRAINING 619 Advanced SQLi Attacks and Countermeasures Make The Difference About Center of Advanced Security Training () The rapidly evolving information security landscape
More informationSQL Injection 2.0: Bigger, Badder, Faster and More Dangerous Than Ever. Dana Tamir, Product Marketing Manager, Imperva
SQL Injection 2.0: Bigger, Badder, Faster and More Dangerous Than Ever Dana Tamir, Product Marketing Manager, Imperva Consider this: In the first half of 2008, SQL injection was the number one attack vector
More informationInformation Security & Privacy Solutions Enabling Information Governance
Information Security & Privacy Solutions Enabling Information Governance LYNDA KEITANY IM SALES SPECIALIST July 11, 2012 What s at Stake? Damage to company reputation Brand equity damage; negative publicity
More informationAchieving PCI-Compliance through Cyberoam
White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit
More informationGuardium Change Auditing System (CAS)
Guardium Change Auditing System (CAS) Highlights. Tracks all changes that can affect the security of database environments outside the scope of the database engine Complements Guardium's Database Activity
More information全 球 資 安 剖 析, 您 做 確 實 了 嗎? Albert Yung Barracuda Networks
全 球 資 安 剖 析, 您 做 確 實 了 嗎? Albert Yung Barracuda Networks Agenda Challenges and PCI DSS 3.0 Updates Personal Information Protection Act Strategy to Protect against leak of Confidential Personal and Corporate
More informationDatabase Application Security Models and Policies
Database Application Security Models and Policies Marek Rychly mrychly@strathmore.edu Strathmore University, @ilabafrica & Brno University of Technology, Faculty of Information Technology Enterprise Security
More informationSecuring Data in Oracle Database 12c
Securing Data in Oracle Database 12c Thomas Kyte http://asktom.oracle.com/ Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes
More informationAdvanced SQL Injection
Advanced SQL Injection December 2012 Guillaume Loizeau Regional Sales Manager, DB Security McAfee Agenda What is SQL Injection In-band Injection Out-of-band Injection Blind Injection Advanced techniques
More informationCracking the Perimeter via Web Application Hacking. Zach Grace, CISSP, CEH zgrace@403labs.com January 17, 2014 2014 Mega Conference
Cracking the Perimeter via Web Application Hacking Zach Grace, CISSP, CEH zgrace@403labs.com January 17, 2014 2014 Mega Conference About 403 Labs 403 Labs is a full-service information security and compliance
More informationAchieving Security Compliancy and Database Transparency Using Database Activity Monitoring Systems
Achieving Security Compliancy and Database Transparency Using Database Activity Monitoring Systems By Paul M. Wright T he Oracle database has long been used as an effective tool for recording details that
More informationCS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013
CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationAn Oracle White Paper June 2011. Oracle Database Firewall 5.0 Sizing Best Practices
An Oracle White Paper June 2011 Oracle Database Firewall 5.0 Sizing Best Practices Introduction... 1 Component Overview... 1 Database Firewall Deployment Modes... 2 Sizing Hardware Requirements... 2 Database
More informationWorldwide Trends in Database Threats and Database Security jacob@sentrigo.com
Worldwide Trends in Database Threats and Database Security jacob@sentrigo.com The basics No-one is going to say to a DBA: "Congratulations, no-one stole data from us this year. Here s a 10% pay raise"
More informationCopyright 2013, Oracle and/or its affiliates. All rights reserved.
1 Solutions for securing and auditing Oracle database Edgars Ruņģis Technology Consultant Why Are Databases Vulnerable? 80% of IT Security Programs Don t Address Database Security Forrester Research Enterprises
More informationHow To Secure A Database From A Leaky, Unsecured, And Unpatched Server
InfoSphere Guardium Ingmārs Briedis (ingmars.briedis@also.com) IBM SW solutions Agenda Any questions unresolved? The Guardium Architecture Integration with Existing Infrastructure Summary Any questions
More informationCopyright 2013, Oracle and/or its affiliates. All rights reserved.
1 Security Inside Out Latest Innovations in Oracle Database 12c Jukka Männistö Database Architect Oracle Nordic Coretech Presales The 1995-2014 Security Landscape Regulatory Landscape HIPAA, SOX (2002),
More informationSQL Injection in web applications
SQL Injection in web applications February 2013 Slavik Markovich VP, CTO, Database Security McAfee About Me Co-Founder & CTO of Sentrigo (now McAfee Database Security) Specialties: Databases, security,
More informationDatabase Security & Auditing
Database Security & Auditing Jeff Paddock Manager, Enterprise Solutions September 17, 2009 1 Verizon 2009 Data Breach Investigations Report: 285 million records were compromised in 2008 2 Agenda The Threat
More informationProtecting Sensitive Data Reducing Risk with Oracle Database Security
Protecting Sensitive Data Reducing Risk with Oracle Database Security Antonio.Mata.Gomez@oracle.com Information Security Architect Agenda 1 2 Anatomy of an Attack Three Steps to Securing an Oracle Database
More informationDatabase security issues PETRA BILIĆ ALEXANDER SPARBER
Database security issues PETRA BILIĆ ALEXANDER SPARBER Introduction Database security is one aspect of computer security It uses different information security controls to protect databases Information
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationSecurity It s an ecosystem thing
Security It s an ecosystem thing Joseph Alhadeff Vice President Global Public Policy, Chief Privacy Strategist The Security challenge in the before time. Today s Threat Environment
More informationEnterprise Security Solutions
Enterprise Security Solutions World-class technical solutions, professional services and training from experts you can trust ISOCORP is a Value-Added Reseller (VAR) and services provider for best in class
More informationRational AppScan & Ounce Products
IBM Software Group Rational AppScan & Ounce Products Presenters Tony Sisson and Frank Sassano 2007 IBM Corporation IBM Software Group The Alarming Truth CheckFree warns 5 million customers after hack http://infosecurity.us/?p=5168
More informationInformation Technology Policy
Information Technology Policy Enterprise Web Application Firewall ITP Number ITP-SEC004 Category Recommended Policy Contact RA-ITCentral@pa.gov Effective Date January 15, 2010 Supersedes Scheduled Review
More informationPassing PCI Compliance How to Address the Application Security Mandates
Passing PCI Compliance How to Address the Application Security Mandates The Payment Card Industry Data Security Standards includes several requirements that mandate security at the application layer. These
More informationSQL Injection Defense: There are no Silver Bullets
SQL Injection Defense: There are no Silver Bullets www.dbnetworks.com Table of Contents Foreword... 3 Problem... 4 Application Development Silver Bullets... 4 Stored Procedures... 4 Parameterized Queries...
More information74% 96 Action Items. Compliance
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated
More informationTHE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS
THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS INCONVENIENT STATISTICS 70% of ALL threats are at the Web application layer. Gartner 73% of organizations have been hacked in the past two
More informationWHITE PAPER. FortiWeb Web Application Firewall Ensuring Compliance for PCI DSS 6.5 and 6.6
WHITE PAPER FortiWeb Web Application Firewall Ensuring Compliance for PCI DSS 6.5 and 6.6 Ensuring compliance for PCI DSS 6.5 and 6.6 Page 2 Overview Web applications and the elements surrounding them
More information2012 Data Breach Investigations Report
2012 Data Breach Investigations Report A study conducted by the Verizon RISK Team with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting & Information
More informationWeb Application Security. Radovan Gibala Senior Field Systems Engineer F5 Networks r.gibala@f5.com
Web Application Security Radovan Gibala Senior Field Systems Engineer F5 Networks r.gibala@f5.com Security s Gaping Hole 64% of the 10 million security incidents tracked targeted port 80. Information Week
More informationCopyright 2013, Oracle and/or its affiliates. All rights reserved.
1 Security Inside-Out with Oracle Database 12c Denise Mallin, CISSP Oracle Enterprise Architect - Security The following is intended to outline our general product direction. It is intended for information
More information8 Steps to Holistic Database Security
Information Management White Paper 8 Steps to Holistic Database Security By Ron Ben Natan, Ph.D., IBM Distinguished Engineer, CTO for Integrated Data Management 2 8 Steps to Holistic Database Security
More informationInstalling and Configuring Guardium, ODF, and OAV
Installing and Configuring Guardium, ODF, and OAV In this appendix, we will cover the following topics: ff ff ff IBM Infosphere Guardium Database Security Oracle Database Firewall Oracle Audit Vault IBM
More informationDatabase Auditing & Security. Brian Flasck - IBM Louise Joosse - BPSolutions
Database Auditing & Security Brian Flasck - IBM Louise Joosse - BPSolutions Agenda Introduction Drivers for Better DB Security InfoSphere Guardium Solution Summary Netherlands Case Study The need for additional
More informationManaged Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint?
Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint? Why? Focused on Managed Intrusion Security Superior-Architected Hardened Technology Security
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationA Database Security Management White Paper: Securing the Information Business Relies On. November 2004
A Database Security Management White Paper: Securing the Information Business Relies On November 2004 IPLocks, Inc. 441-A W. Trimble Road, San Jose, CA 95131 USA A Database Security Management White Paper:
More informationHow To Protect A Network From Attack From A Hacker (Hbss)
Leveraging Network Vulnerability Assessment with Incident Response Processes and Procedures DAVID COLE, DIRECTOR IS AUDITS, U.S. HOUSE OF REPRESENTATIVES Assessment Planning Assessment Execution Assessment
More informationData Breaches and Web Servers: The Giant Sucking Sound
Data Breaches and Web Servers: The Giant Sucking Sound Guy Helmer CTO, Palisade Systems, Inc. Lecturer, Iowa State University @ghelmer Session ID: DAS-204 Session Classification: Intermediate The Giant
More informationWHITE PAPER FORTIWEB WEB APPLICATION FIREWALL. Ensuring Compliance for PCI DSS 6.5 and 6.6
WHITE PAPER FORTIWEB WEB APPLICATION FIREWALL Ensuring Compliance for PCI DSS 6.5 and 6.6 CONTENTS 04 04 06 08 11 12 13 Overview Payment Card Industry Data Security Standard PCI Compliance for Web Applications
More informationSecuring the Database Stack
Technical Brief Securing the Database Stack How ScaleArc Benefits the Security Team Introduction Relational databases store some of the world s most valuable information, including financial transactions,
More informationCritical Security Controls
Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security
More informationSecuring and Accelerating Databases In Minutes using GreenSQL
Securing and Accelerating Databases In Minutes using GreenSQL Unified Database Security All-in-one database security and acceleration solution Simplified management, maintenance, renewals and threat update
More informationCyber Exploits: Improving Defenses Against Penetration Attempts
Cyber Exploits: Improving Defenses Against Penetration Attempts Mark Burnette, CPA, CISA, CISSP, CISM, CGEIT, CRISC, QSA LBMC Security & Risk Services Today s Agenda Planning a Cyber Defense Strategy How
More informationFrom Rivals to BFF: WAF & VA Unite OWASP 07.23.2009. The OWASP Foundation http://www.owasp.org
From Rivals to BFF: WAF & VA Unite 07.23.2009 Brian Contos, Chief Security Strategist Imperva Inc. brian.contos@imperva.com +1 (650) 832.6054 Copyright The Foundation Permission is granted to copy, distribute
More informationSecuring Web Applications...at the Network Layer
Securing Web Applications......at the Network Layer OWASP Spain Chapter Meeting 16 th June, 2006 Barcelona (ES) Carlos Fragoso Mariscal Chief Technical Director carlos@jessland.net Securing Web Applications
More informationDatabase Security & Compliance with Audit Vault and Database Firewall. Pierre Leon Database Security
Database Security & Compliance with Audit Vault and Database Firewall Pierre Leon Database Security 1 Topics Encryption Authentication Authorising highly privileged users Access control by data classification
More informationSecurely maintaining sensitive financial and
How the Guardium Platform Helped Dell IT Simplify Enterprise security By Phil Neray Addison Lawrence David McMaster Venugopal Nonavinakere Safeguarding data is critical for many organizations, but auditing
More informationFile Integrity Monitoring: A Critical Piece in the Security Puzzle. Challenges and Solutions
File Integrity Monitoring Challenges and Solutions Introduction (TOC page) A key component to any information security program is awareness of data breaches, and yet every day, hackers are using malware
More informationWhy The Security You Bought Yesterday, Won t Save You Today
9th Annual Courts and Local Government Technology Conference Why The Security You Bought Yesterday, Won t Save You Today Ian Robertson Director of Information Security Michael Gough Sr. Risk Analyst About
More informationGuidelines for Web applications protection with dedicated Web Application Firewall
Guidelines for Web applications protection with dedicated Web Application Firewall Prepared by: dr inŝ. Mariusz Stawowski, CISSP Bartosz Kryński, Imperva Certified Security Engineer INTRODUCTION Security
More informationStronger database security is needed to accommodate new requirements
Enterprise Database Security A Case Study Abstract This Article is a case study about an Enterprise Database Security project including the strategy that addresses key areas of focus for database security
More informationWeb Application Security. Vulnerabilities, Weakness and Countermeasures. Massimo Cotelli CISSP. Secure
Vulnerabilities, Weakness and Countermeasures Massimo Cotelli CISSP Secure : Goal of This Talk Security awareness purpose Know the Web Application vulnerabilities Understand the impacts and consequences
More informationIntrusion Detection. Overview. Intrusion vs. Extrusion Detection. Concepts. Raj Jain. Washington University in St. Louis
Intrusion Detection Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationAn Oracle White Paper April 2014. Security and Compliance with Oracle Database 12c
An Oracle White Paper April 2014 Security and Compliance with Oracle Database 12c Introduction... 2 Oracle Database 12c Security... 3 Protecting Against Database Bypass Threats... 3 Limiting Sensitive
More informationSecurity Landscape of Cloud Computing
Security Landscape of Cloud Computing Amrith Nawoor Sales Consulting Team Leader East Africa & SADC 1 This document is for informational purposes. It is not a commitment to deliver any material, code,
More informationI ve been breached! Now what?
I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have
More informationProtect the data that drives our customers business. Data Security. Imperva s mission is simple:
The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent
More information5 Simple Steps to Secure Database Development
E-Guide 5 Simple Steps to Secure Database Development Databases and the information they hold are always an attractive target for hackers looking to exploit weaknesses in database applications. This expert
More informationCyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014
Cyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014 Introduction: Cyber attack is an unauthorized access to a computer
More informationAnalysis of SQL injection prevention using a proxy server
Computer Science Honours 2005 Project Proposal Analysis of SQL injection prevention using a proxy server By David Rowe Supervisor: Barry Irwin Department of Computer
More informationsafe and sound processing online card payments securely
safe and sound processing online card payments securely Executive summary The following information and guidance is intended to provide key payment security advice to new or existing merchants who trade
More informationWhite Paper. Protecting Databases from Unauthorized Activities Using Imperva SecureSphere
Protecting Databases from Unauthorized Activities Using Imperva SecureSphere White Paper As the primary repository for the enterprise s most valuable information, the database is perhaps the most sensitive
More informationData Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan
WHITE PAPER Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan Introduction to Data Privacy Today, organizations face a heightened threat landscape with data
More informationMaking Database Security an IT Security Priority
Sponsored by Oracle Making Database Security an IT Security Priority A SANS Whitepaper November 2009 Written by Tanya Baccam Security Strategy Overview Why a Database Security Strategy? Making Databases
More information1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information
1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information The following is intended to outline our general product direction. It is intended for information purposes only,
More informationTHE FIRST UNIFIED DATABASE SECURITY SOLUTION. Product Overview Security. Auditing. Caching. Masking.
THE FIRST UNIFIED DATABASE SECURITY SOLUTION Product Overview Security. Auditing. Caching. Masking. 2 The First Unified Database Security Solution About the products The GreenSQL family of Unified Database
More informationPut a Firewall in Your JVM Securing Java Applications!
Put a Firewall in Your JVM Securing Java Applications! Prateep Bandharangshi" Waratek Director of Client Security Solutions" @prateep" Hussein Badakhchani" Deutsche Bank Ag London Vice President" @husseinb"
More informationHow To Protect Data From Attack On A Computer System
Information Management White Paper Understanding holistic database security 8 steps to successfully securing enterprise data sources 2 Understanding holistic database security News headlines about the
More informationWhite Paper. What Auditors Want Database Auditing. 5 Key Questions Auditors Ask During a Database Compliance Audit
5 Key Questions Auditors Ask During a Database Compliance Audit White Paper Regulatory legislation is increasingly driving the expansion of formal enterprise audit processes to include information technology
More information