[Owasp-germany] Dutch Chapter Meeting, Database Security!

Martin Knobloch martin.knobloch at owasp.org
Mon Mar 8 07:47:32 EST 2010


Hi all,

This Thursday, March 11th, the Dutch chapter is organising a Chapter meeting
about database security with great speakers!

The chapter meeting is organised in Amersfoort, not too far from Belgium and
Germany, within walking distance of the Central Station!
*Alexander Kornbrust* is the founder of Red-Database-Security, a company
specialized in Oracle security. He provides Oracle security audits, security
training and consulting to customers worldwide. Alexander is also the
co-author of the book "SQL Injection Attacks and Defense". Alexander has
worked since 1992 with Oracle and his specialties are the security of Oracle
databases and secure software architectures. In the last 6 years Alexander
has reported more than 400 security bugs to Oracle and given various
presentations at security conferences like Black Hat, Defcon, Bluehat, HITB,
... Alexander holds a master's degree in computer science from the University
of Passau, Germany.
Oracle Database Security: The presentation will show the most common
security problems found in Oracle-based web applications.

*Justin Clarke* is a co-founder and Director at Gotham Digital Science,
based in the United Kingdom. He has over twelve years of experience in
assessing the security of networks, web applications, and wireless networks
for large financial, retail, technology and government clients in the United
States, the United Kingdom and New Zealand. Justin is the technical
editor and lead author of “SQL Injection Attacks and Defense” (Syngress
2009), co-author of "Network Security Tools: Writing, Hacking, and Modifying
Security Tools" (O’Reilly 2005), a contributing author to "Network Security
Assessment: Know Your Network, 2nd Edition" (O’Reilly 2007), as well as a
speaker at a number of conferences and events on security topics,

The VAC (Vulnerability, Attack and Countermeasure) is presented by *Marinus
Kuivenhoven...*
is a Senior Technology Specialist with Sogeti Nederland B.V. specializing
in service oriented architectures and secure application development. His
experience includes developing and administrating Oracle-based systems. At
Sogeti Nederland B.V. he is also an active member of the PaSS-Software
(Proactive Security Strategy) taskforce focusing on secure
application development. Marinus also developed and teaches several
application security courses both within and outside Sogeti. In the past
years he has written for magazines such as Computable and We Love IT. And he
has spoken at a number of conferences and events like OWASP, Recent OO
Trends, Open Source Developer Conference and Engineering World.

*Vulnerability:* Insecure Direct Object Reference is when a web application
exposes an internal implementation object to the user. Some examples of
internal implementation objects are database records, URLs, or files.
*Attack:* An attacker can modify the internal implementation object in an
attempt to abuse the access controls on this object. When the attacker does
this they may have the ability to access functionality that the developer
didn’t intend to expose access to.
*Countermeasure:* References should be validated for authorization and
accessed through reference maps. How this should be done will be shown.

*See the flyer attached! Registration via email to: netherlands at owasp.org*

Looking forward to welcoming you on Thursday!

Cheers,
Martin Knobloch (OWASP Netherlands)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Owasp_NL_march2010 (1).pdf
Type: application/pdf
Size: 1658548 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-germany/attachments/20100308/bf51142d/attachment-0001.pdf 
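
The countermeasure named in the VAC abstract above (authorization check plus reference map), as an added example that is not part of the original message or of the talk. The invoice records, user names and function names are constructed for illustration.

```python
import secrets

# Constructed sample data: internal invoice ids (the direct references) and owners.
INVOICES = {
    1001: {"owner": "alice", "total": 120},
    1002: {"owner": "bob", "total": 75},
    1003: {"owner": "alice", "total": 310},
}


class ReferenceMap:
    """Per-session map between random tokens and internal object ids."""

    def __init__(self):
        self._to_direct = {}
        self._to_indirect = {}

    def indirect(self, direct_id):
        # Hand out one stable, unguessable token per internal id.
        if direct_id not in self._to_indirect:
            token = secrets.token_urlsafe(16)
            self._to_indirect[direct_id] = token
            self._to_direct[token] = direct_id
        return self._to_indirect[direct_id]

    def direct(self, token):
        # Anything not issued in this session (raw ids, other users' tokens) fails.
        if token not in self._to_direct:
            raise PermissionError("unknown reference")
        return self._to_direct[token]


def list_invoices(user, refmap):
    """Return only tokens for the user's own invoices; raw ids never leave the server."""
    return [refmap.indirect(i) for i, inv in INVOICES.items() if inv["owner"] == user]


def get_invoice(user, refmap, token):
    """Resolve the token, then still check authorization on the resolved object."""
    invoice = INVOICES[refmap.direct(token)]
    if invoice["owner"] != user:
        raise PermissionError("not authorized")
    return invoice
```

The ownership check in `get_invoice` stays even though the map already limits what a session can name, so a mapping created by mistake does not become an access path.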