Los Angeles/2011 Meetings/February 23

Jump to: navigation, search

Topic: When Databases Attack

Speaker: Scott Sutherland


Scott Sutherland is a Senior Security Consultant responsible for the development and management of penetration test services at NetSPI, which is a security services company based in Minneapolis. His role includes researching and developing tools, techniques, and methodologies used during network and application penetration tests. Scott has ten years of IT consulting experience. Six of which have been focused on providing security services. Additionally, Scott presented at the National OWASP AppSec 2010 Conference and the local Security BSidesMSP conferences in the last year.

Abstract: Database Security in the Real World

This presentation will provide an overview of the common threats and vectors that are leveraged by real world attackers to gain unauthorized access to high value databases. It is well understood that high value databases support critical applications and store sensitive information, but they can also be used to escalate privileges in Windows environments and propagate botnets across the internet. This presentation will provide developers and system administrators with a better understanding of how those attacks are conducted.


Netspi logo.png