Denim Group Hosts February Meeting of OWASP San Antonio

Denim Group hosted the February meeting of the San Antonio chapter of the Open Web Application Security Project (OWASP). Dan Cornell presented, and the topic was “The Second Most Secure Database.” The presentation abstract was:

The most secure database server is one that is turned off, disconnected from the network, and sealed in cement.  Unfortunately this database is not terribly useful.  In the real world the database must be turned on, on the network, and processing queries.  This presentation will explore the threats to databases and discuss technologies and techniques for mitigating these risks.  This will include a STRIDE-based threat model for a typical database server backing a web application and specific examples will be explored for both Microsoft’s SQL Server 2005 and MySQL 5.0.

We had a great turnout, including one brave developer who came down from Austin to learn more about securing web application databases.

The slide deck from the presentation is online here.

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry-leading application vulnerability management platform.