Database Security
_____________________________________________
Copyright (c) 2012 Application Security, Inc.
http://www.appsecinc.com
About Application Security, Inc.
AppSecInc is a pioneer and leading provider of database security
solutions for the enterprise.
By providing strategic and scalable software-only solutions -
AppDetectivePro for auditors and IT advisors, and DbProtect for the
enterprise - AppSecInc supports the database security lifecycle for some
of the most complex and demanding environments in the world across more
* Hacker Spaces
* Application and Protocol Fuzzing
* Physical Security
* Virtualization
* Webapp Security
* DataBase Security
* "the" Cloud
* Cryptography
* System Weaknesses
* Infrastructure and Critical Systems
* Social Engineering
Sessions must be delivered in one of the following session formats for conference talks:
* Coldfire Sessions (60 Minutes): These sessions are primarily core technical talks and will cover the following categories:
o Zer0 Days / Original Security Research
o Application and Database Security (All Technologies)
o Cyber Terrorism / Critical Infrastructure Issues
o Incident Response and Defeating Incident Response
o Electronic Device Security (Cell Phones / PDAs, etc.)
o Infrastructure Security (Wireless, Bluetooth, OS, Device etc)
o Browser Security
Sent to mailing list without permission:
Oracle 0xDEADF00D
Alexander Kornbrust, CEO of Red Database Security GmbH and Oracle Database security expert, noticed that Oracle recently released Oracle Database 11g for Linux with a new password hashing algorithm. They did so to improve security by introducing case-sensitive passwords, in the year 2007! Alex asked us to figure out which cryptographic algorithms and methods are actually used, because he would like to update his Oracle Security Scanner.
We did, regardless of the expected nightmares, Fear and Laughing in Oracle.
Since Oracle is shipped as closed software and releases are provided only as binary/executable programs, we analyzed the Linux ELF binary executable files, because a Windows version of Oracle 11g did not appear to have been released yet.
Authentication
Commercial and Industry Security
Cryptographic Protocols
Data and Application Security
Data/System Integrity
Database Security
Digital Rights Management
Formal Verification of Secure Systems
Identity Management
Inference/Controlled Disclosure
Information Warfare
Best practices in Computer and Information security
Cryptography, VPN and PKI
Disaster recovery and business continuity planning
Vulnerabilities Analysis and Hacking techniques
Perimeter Security
Database Security
OS security
Web Services Security
Computer and digital forensics
Incident Handling
Digital Evidence
* DDoS Evolution or Stories
* Secure Programming
* Hacker Culture
* Application Security
* Virtualization
* DataBase Security
* "the" Cloud
* Cryptography
* System Weaknesses
* Infrastructure and Critical Systems
* Reverse Engineering
Workaround
Always require password authentication, even for proxy connections.
Alternatively, disable proxy authentication mode and enforce this policy by configuring the SecureSphere Database Security Gateway to alert when users are granted proxy access.
The SecureSphere Database Security Gateway can also enforce that all proxy-account connections to the database originate from the proxy server's IP address.
Discovered by:
About
*****
Digital Security is a leading IT security company in Russia, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services, and certification for the ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application and database security problems, with vulnerability reports, advisories and whitepapers posted regularly on our website.
Contact: research [at] dsec [dot] ru
http://www.dsec.ru (in Russian)
Application Security, Inc's database security solutions have helped over
2000 organizations secure their databases from all internal and external
threats while also ensuring that those organizations meet or exceed
regulatory compliance and audit requirements.
This vulnerability was discovered by HD Moore
-- About Rapid7 Security
Rapid7 provides vulnerability management, compliance and penetration
testing solutions for Web application, network and database security. In
addition to developing the NeXpose Vulnerability Management system,
Rapid7 manages the Metasploit Project and is the primary sponsor of the
W3AF web assessment tool.
Our vulnerability disclosure policy is available online at:
- Virtualization
--- Application security
- Web application vulnerability research
- Application reverse engineering and related automated tools
- Database security & attacks
- Protocol security & exploitation
- Advanced Trojan, worm and backdoor techniques
- Encryption & decryption techniques
- Routing device
* Exploit techniques and automation
* Network-based attacks (routing, DNS, IDS/IPS/firewall evasion)
* Reconnaissance (scanning, software, and hardware fingerprinting)
* Malware design and implementation (rootkits, viruses, bots, worms)
* Denial-of-service attacks
* Web and database security
* Weaknesses in deployed systems (VoIP, telephony, wireless, games)
* Practical cryptanalysis (hardware, DRM, etc.)
WOOT '11 will be held August 8–9, 2011, in San Francisco, CA. WOOT '11
is co-located with the 20th USENIX Security Symposium (USENIX Security
-- Credit:
This vulnerability was discovered by Will Vandevanter of the Rapid7 professional services team during a customer engagement.
Our vulnerability disclosure policy is available online at: http://www.rapid7.com/disclosure.jsp
2005. A comprehensive analysis of all affected devices was conducted by
HD Moore in 2010.
Digital Security is one of the leading IT security companies in CEMEA,
providing information security consulting, audit and penetration
testing services, ERP and SAP security assessment, certification for ISO/IEC 27001:2005 and PCI DSS and PA DSS standards.
Digital Security Research Group focuses on enterprise application (ERP) and database
security problems with vulnerability reports, advisories and whitepapers
posted regularly on our website.
Contact: research [at] dsecrg [dot] com
http://www.dsecrg.com
http://www.erpscan.com
This vulnerability was reported by Joshua Abraham and Will Vandevanter.