February ISSA Meeting Information

2008-02-07 15:00
2008-02-07 17:00

Date & Time:
Thursday, February 7th, 2007, 3-5pm

Meeting Location:
205 N. Michigan Ave - 11th Floor
Room: 1107N (500-Auditorium 1107N)
Chicago, IL 60601

Presenter:
Aaron Ingram
Application Security Inc.
Author of "Practical Oracle Security"

Topic: Database Security & Threat Vectors

Traditional perimeter network security is not sufficient on its own to defend against dynamic threats to applications already residing on enterprise systems and accessible over the Internet. Web-accessed databases are especially susceptible, partly because of the appeal of their lucrative repositories of customer and sales data, and partly because IP entry affords hackers a broader range of methods with which to invade and gain access to database information.

In this presentation, the speaker will describe some of the sophisticated methods used in invading enterprise databases and propose essential steps IT managers can take to securely install and configure databases against malicious breaches. The session will also provide guidelines and best practices on how businesses can secure databases against unauthorized access.

Attendees will learn:
- Examples of database attack scenarios: privilege escalation, password brute-forcing, SQL injection, and buffer overflow
- Why perimeter security is not adequate for protecting databases
- Tips on Web application development to ensure secure database access
- How to combat database attacks: recommendations on vulnerability assessment, intrusion protection, encryption

Presenter BIO:
Aaron Ingram is the author of "Practical Oracle Security: Your Unauthorized Guide to Relational Database Security." He has fifteen years of experience developing enterprise software, focusing on database systems and security applications. After graduating with a Bachelor's degree in computer science from Columbia University, he worked at Accenture as a consultant for Fortune 500 financial and telecommunication companies and for various government agencies. He then worked for ShieldIP creating Digital Rights Protection technology. Most recently, he merged his extensive database background with his security skills to manage the development of Application Security's real-time database activity monitoring solution in their DbProtect product suite.

All content © ISSA Chicago Chapter, 2008. All rights reserved.