Using MariaDB and MaxScale to meet GDPR. Maria Luisa Raviol, Senior Sales Engineer, MariaDB
- Janel White
- 5 years ago
Transcription
1 Using MariaDB and MaxScale to meet GDPR. Maria Luisa Raviol, Senior Sales Engineer, MariaDB
2 The majority of the HTTP attacks were made to phpMyAdmin, a popular MySQL and MariaDB remote management system. Many web content management systems, not to mention WordPress, rely on these databases. Vulnerable WordPress plugins were also frequently attacked. Mind you, this was on a system that even in honeypot mode hadn't emitted a single packet towards the outside world. ZDNet - Jan 23rd 2018
3 GDPR: A Matter of Balance
4 GDPR is the harmonization of: Processes: process flows, prevention and reaction procedures. Technological solutions: encryption, pseudonymisation, anonymisation, data accessibility, auditing. Compliance: keeping pace with the regulation.
5 GDPR: The Requirements. European companies and/or companies located outside the EU that handle the data of EU citizens must guarantee: that data is protected; risk protection and prevention; the harmonisation of processes and technology.
6 GDPR: The Processes. Companies need to have deep knowledge of their data supply chain. All the W questions need to have an answer (the 5 Ws plus one). A top-down approach is usually recommended.
7 GDPR: The Technology. The right technology will help businesses meet the requirements of GDPR both now and in the future. GDPR says that: it is mandatory to implement appropriate technical and organisational measures, to ensure a level of security appropriate to the risk including inter alia, as appropriate: the pseudonymisation and encryption of personal data... Reference: GDPR Art. 32
8 GDPR: The Technology. The right technology will help businesses meet the requirements of GDPR both now and in the future. It must prevent: unauthorised access to the database; unauthorised access to all the other database-related files (log files, configuration files, passwords); data integrity breaches; untrusted access to the database from the clients.
9 GDPR: The Technology. The right technology will help businesses meet the requirements of GDPR both now and in the future. How to protect the database: firewalling; authentication; data-in-motion encryption; tablespace encryption; data-at-rest encryption; backup encryption; auditing.
10 GDPR: MariaDB Enterprise Security. Detect and prevent attacks; access management; denial of service; SQL injections; protect data at rest with encryption (tablespaces, individual tables, logs); TLS/SSL encryption protects data in motion; auditing for security and compliance; MaxScale database firewall features; MaxScale selective data masking.
11 MariaDB TX - Security (diagram of connection paths: Client - MaxScale, MaxScale - MariaDB, Client - MariaDB, MariaDB - MariaDB)
12 MariaDB MaxScale Security Features
13 MariaDB TX Firewalling and Data Masking (diagram of connection paths: Client - MaxScale, MaxScale - MariaDB, Client - MariaDB, MariaDB - MariaDB)
14 MariaDB MaxScale Concept. Generic core: multi-threaded, epoll-based, stateless, shares the thread pool. Insulates client applications from the complexities of the backend database cluster (client, database servers). Flexible, easy-to-write plug-ins for: protocol support, authentication, parsing, database monitoring, load balancing and routing, query transformation and logging. Simplify replication from database to other databases (master, binlog cache, slaves).
15 MaxScale Firewalling: The Details. A filter installed into the request processing chain (MaxScale: filter, router, database servers). Rules define: what constitutes a match (wildcard, columns, function, regex, no WHERE clause); when to apply; what users are affected; what statements are affected. The filter mode defines what to do with a match: allow => whitelist; block => blacklist. The limit_queries rule is sensible only with blacklisting; it matches if more than N queries are made within a time period.
16 MaxScale Filtering Rules: Database Firewall Filter. Allow/block queries that match a set of rules. Match rules for specified users. Match on: date/time; a WHERE clause; query type; column match; a wildcard or regular expression or function name. Protect against SQL injection. Prevent unauthorized data access. Prevent data damage. Flow (diagram): (1) the client sends SELECT * FROM CUSTOMERS; (2) the MaxScale database firewall filter evaluates the rules; (3) the client receives QUERY FAILED: 1141 ERROR: Required WHERE/HAVING clause is missing. Rules:
    rule safe_select deny no_where_clause on_queries select
    rule safe_cust_select deny regex '.*from.*customers.*'
    users %app-user@% match all rules safe_cust_select safe_select
17 MaxScale Filtering: SQL Injections. What is a SQL injection? A kind of web application attack, where user-supplied input comes from: URL; forms =a@app.com; other elements, e.g., cookies, HTTP headers; and is manipulated so that a vulnerable application executes SQL commands injected by the attacker.
18 Who Can Be Affected by a SQL Injection? Applications vulnerable to SQL injection: incorrect type handling; incorrectly filtered escape characters; blind SQL injection; second-order SQL injection. An example: the application query is SELECT * from customer WHERE id =? The expected user-supplied value for id is 5; the injected value is the string 5 OR 1=1, so the statement becomes SELECT * from customer WHERE id = 5 OR 1=1. This results in the application getting access to the entire customer table instead of just the specific customer.
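The slide's query, built three ways, as an added example that is not part of the original presentation: string concatenation (the vulnerable pattern the slide describes), a bound parameter, and a bound parameter with type checking. It uses Python's sqlite3 module in place of MariaDB so it runs offline; the table contents and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data: a three-row customer table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO customer VALUES (?, ?)",
        [(4, "Alice"), (5, "Bob"), (6, "Carol")],
    )
    return conn


def lookup_concatenated(conn, user_id):
    """Vulnerable: the value is pasted into the statement text, so the
    database parses whatever the user supplied as SQL."""
    sql = "SELECT * FROM customer WHERE id = " + user_id
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, user_id):
    """Hardened: the value is bound as data and never parsed as SQL."""
    return conn.execute(
        "SELECT * FROM customer WHERE id = ?", (user_id,)
    ).fetchall()


def lookup_typed(conn, user_id):
    """Hardened plus type handling: reject anything that is not an integer
    before the database is contacted (int() raises ValueError)."""
    return conn.execute(
        "SELECT * FROM customer WHERE id = ?", (int(user_id),)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    for value in ("5", "5 OR 1=1"):  # the two values from the slide
        print(repr(value))
        print("  concatenated :", lookup_concatenated(db, value))
        print("  parameterized:", lookup_parameterized(db, value))
        try:
            print("  typed        :", lookup_typed(db, value))
        except ValueError as exc:
            print("  typed        : rejected,", exc)
```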
19 "Exploits of a Mom": SQL injection according to xkcd
20 MaxScale Security: DDoS Protection. Maximum rows filter: return zero rows to the client if the number of rows in the result set exceeds the configured max limit; return zero rows to the client if the size of the result set exceeds the configured max size in KB. Flow (diagram): (1) the client sends a query; (2) the query is passed to the database servers; (3) NumRows returned = 1000; (4) MaxRowsLimit filter, Max Rows Limit = 500, NumRows returned > MaxRows limit; (5) the client receives QUERY FAILED: 1141 ERROR: No rows returned.
21 MaxScale Security: DDoS Protection. Persistent connections to the backend: when server connections are logically closed, keep them in a pool for reuse (connection pool of configurable size). In maxscale.cnf:
    [SomeServer]
    ...
    persistpoolmax=30
Client connection limitation: specify the maximum number of connections for a particular service (max client connections per service; variable number of connections). In maxscale.cnf:
    [SomeService]
    ...
    max_connections=100
22 MaxScale Security: DDoS Protection. Cap the amount that can be returned, by rows or by size or both. In maxscale.cnf:
    [LimitSize]
    type=filter
    module=maxrows
    max_resultset_rows=500
MaxRows filter (diagram): Max Rows Limit = 500, NumRows returned = 1000, Query failed: 1141 Error: No rows returned. Data will be returned to MaxScale, but MaxScale will not necessarily forward it to the client. Limit the rate of queries using the firewall. In firewall.txt:
    rule prevent_overload deny limit_queries
If more than 15 queries are received in 5 seconds, block all queries for 10 seconds.
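A small Python model of the firewall rule semantics from slides 15, 16 and 22, as an added example (it is not MaxScale code and not from the presentation): it evaluates the two slide-16 rules under "match all" and "match any", and applies the slide-22 rate limit of 15 queries in 5 seconds with a 10-second block. Assumptions: a regex stands in for MaxScale's SQL parser, regex matching is case-insensitive, and all names and sample queries are constructed.

```python
import re
from collections import deque

# Crude stand-in for a real SQL parser (assumption of this model).
_WHERE_OR_HAVING = re.compile(r"\b(where|having)\b", re.IGNORECASE)


def is_select(query):
    return query.lstrip().lower().startswith("select")


def lacks_where(query):
    return _WHERE_OR_HAVING.search(query) is None


# Predicates named after the rules on slide 16.
RULES = {
    # rule safe_select deny no_where_clause on_queries select
    "safe_select": lambda q: is_select(q) and lacks_where(q),
    # rule safe_cust_select deny regex '.*from.*customers.*'
    "safe_cust_select": lambda q: re.match(
        r".*from.*customers.*", q, re.IGNORECASE | re.DOTALL) is not None,
}

RULE_SET = ["safe_cust_select", "safe_select"]


def denied(query, rule_names=RULE_SET, mode="all"):
    """Blacklist mode: deny when all (or any) of the named rules match."""
    hits = [RULES[name](query) for name in rule_names]
    return all(hits) if mode == "all" else any(hits)


class LimitQueries:
    """Model of limit_queries: more than `count` queries within `period`
    seconds blocks every query from that user for `holdoff` seconds."""

    def __init__(self, count, period, holdoff):
        self.count, self.period, self.holdoff = count, period, holdoff
        self.seen = {}           # user -> timestamps inside the window
        self.blocked_until = {}  # user -> time the block ends

    def blocked(self, user, now):
        if now < self.blocked_until.get(user, 0.0):
            return True
        window = self.seen.setdefault(user, deque())
        window.append(now)
        while window and now - window[0] >= self.period:
            window.popleft()
        if len(window) > self.count:
            self.blocked_until[user] = now + self.holdoff
            window.clear()
            return True
        return False


# Constructed sample queries.
SAMPLE_QUERIES = [
    "SELECT * FROM CUSTOMERS",                   # both rules match
    "SELECT name FROM customers WHERE id = 5",   # only the regex matches
    "SELECT * FROM orders",                      # only no_where_clause matches
    # Has a WHERE clause, so safe_select does not match: the application
    # still needs parameterized queries for this case.
    "SELECT * FROM customers WHERE id = 5 OR 1=1",
]


def verdicts(mode):
    return [(q, "DENY" if denied(q, RULE_SET, mode) else "ALLOW")
            for q in SAMPLE_QUERIES]


if __name__ == "__main__":
    for mode in ("all", "any"):
        print("match", mode)
        for query, verdict in verdicts(mode):
            print(f"  {verdict:5} {query}")
    limiter = LimitQueries(count=15, period=5, holdoff=10)
    burst = [limiter.blocked("app-user", i * 0.1) for i in range(16)]
    print("16th query in burst blocked:", burst[15])
```

Under "match all" only the first sample query is denied; under "match any" every sample query is denied, including legitimate lookups, which is the trade-off to weigh when choosing the match mode.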
23 Security: Data Redaction via Data Masking. Masking based on column name; a database name and table name classifier may be provided: commercedb.customertbl.creditcardnum, customertbl.creditcardnum, creditcardnum. A column can be fully or partially masked, or obfuscated. Example (diagram): the client runs SELECT Name, creditcardnum, balance FROM customertbl WHERE id=1001; result columns: Name, creditcardnum, balance; returned row: John Smith, xxxxxxxxxx. HIPAA, PCI and GDPR needs.
24 MariaDB TX Data in Motion Encryption
25 MariaDB TX Data in Motion Encryption (diagram of connection paths: Client - MaxScale, MaxScale - MariaDB, Client - MariaDB, MariaDB - MariaDB)
26 Client-MaxScale-MariaDB Encryption. Secured connection: SSL between clients and MaxScale; SSL between MaxScale and the MariaDB server. Secured user access: LDAP/GSSAPI for secured single sign-on across OS platforms (Windows, Linux), applications and databases.
27 Client-MariaDB and MariaDB-MariaDB Encryption. Secured connection: SSL between clients and MariaDB; SSL between the MariaDB master and slaves. Secured user access: LDAP/GSSAPI for secured single sign-on across OS platforms (Windows, Linux), applications and databases.
28 MariaDB TX Data at Rest Encryption
29 MariaDB TX Data at Rest Encryption (diagram of connection paths: Client - MaxScale, MaxScale - MariaDB, Client - MariaDB, MariaDB - MariaDB)
30 Data-at-rest Encryption. Encrypting: tables or tablespaces; Aria tables; InnoDB log files; binary/relay logs; temporary files. Independent of the encryption capabilities of applications. Based on encryption keys, key IDs, key rotation and key versioning. Low performance overhead. Transparent to applications.
31 Key Management Services. The encryption plugin API offers choice: a plugin to implement the data encryption and manage encryption keys. MariaDB Server options: simple key management (included); Amazon AWS KMS plugin (included); Eperi KMS for on-premise key management (optional).
32 MariaDB TX Authentication Plugins
33 MariaDB TX Authentication Plugins (diagram of connection paths: Client - MaxScale, MaxScale - MariaDB, Client - MariaDB, MariaDB - MariaDB)
34 Password Validation. MariaDB comes with two password validation plugins. simple_password_check plugin: can enforce a minimum password length and guarantee that a password contains at least a specified number of upper- and lowercase letters, digits, and punctuation characters. cracklib_password_check plugin: a widely used library; stops users from choosing easy-to-guess passwords; includes checks for not allowing passwords based on the username or a dictionary word, etc.
35 External Authentication. Single sign-on is becoming mandatory in most enterprises. The PAM authentication plugin allows using /etc/shadow and any PAM-based authentication such as LDAP. Kerberos authentication, as a standardized network authentication protocol, is provided: GSSAPI-based on UNIX and SSPI-based on Windows.
36 MariaDB PAM Authentication. Flow (diagram): (1) the client sends a ticket request to the KDC; (2) the KDC returns a service ticket; (3) the client tells MariaDB "Here is my service ticket, authenticate me"; (4) client/server session. GSS-API on Linux: Red Hat Directory Server, OpenLDAP. SSPI on Windows: Active Directory.
37 MariaDB Role-Based Access Control. Role: DBA. Permissions: update schema; view statistics; create database. (Diagram: MariaDB 10, database, tables.)
38 MariaDB TX Auditing
39 MariaDB TX Auditing (diagram of connection paths: Client - MaxScale, MaxScale - MariaDB, Client - MariaDB, MariaDB - MariaDB)
40 Auditing for Security and Compliance. The MariaDB Audit Plugin logs server activity: who connected to the server; source of connection; queries executed; tables touched. Events: connection (connect, disconnect, failed connect); query (DDL, DML + TCL, DCL); object (database, tables). Logged fields: timestamp, host, user, session. File-based or syslog-based logging. Monyog: audit log file filtering.
41 MariaDB TX Per User Limit
42 MariaDB TX Per User Limit (diagram of connection paths: Client - MaxScale, MaxScale - MariaDB, Client - MariaDB, MariaDB - MariaDB)
43 New User Management Functions. MAX_*_PER_HOUR: CREATE USER can limit the number of queries, updates or connections per hour. MAX_USER_CONNECTIONS limits the number of simultaneous connections. MAX_STATEMENT_TIME: any query (excluding stored procedures) taking longer than the value of max_statement_time (specified in seconds) to execute will be aborted. This can be set globally, by session, as well as per user and per query. SHOW CREATE USER is a useful way to see the command required to create a user, for auditing or for the creation of similar accounts.
44 New User Management Functions. Examples:
    CREATE USER IDENTIFIED BY 'password';
    CREATE USER REQUIRE ISSUER 'foo_issuer' SUBJECT 'foo_subject' CIPHER 'text'
    CREATE USER foo WITH MAX_QUERIES_PER_HOUR 10 MAX_UPDATES_PER_HOUR 20 MAX_CONNECTIONS_PER_HOUR 30 MAX_USER_CONNECTIONS 40;
45 MariaDB Security Gets Stronger All the Time. The MariaDB user community: quickly identifies new threats; reports vulnerabilities; creates solutions; contributes features.
46 Thank You
More informationJordan Levesque - Keeping your Business Secure
Jordan Levesque - Keeping your Business Secure Review of PCI Benefits of hosting with RCS File Integrity Monitoring Two Factor Log Aggregation Vulnerability Scanning Configuration Management and Continuous
More informationElastic Load Balancing. User Guide. Date
Date 2018-07-20 Contents Contents 1 Product Description... 4 1.1 What Is Elastic Load Balancing (ELB)?... 4 1.2 Load Balancer Type... 4 1.3 Basic Architecture... 5 1.3.1 Classic Load Balancer... 5 1.3.2
More informationDrone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created
Drone - 2 04/12/2018 Threat Model Description Threats Threat Source Risk Status Date Created Mobile Phone: Sensitive Data Leakage Smart Devices Mobile Phone: Session Hijacking Smart Devices Mobile Phone:
More informationApplication Layer Security
Application Layer Security General overview Ma. Angel Marquez Andrade Benefits of web Applications: No need to distribute separate client software Changes to the interface take effect immediately Client-side
More informationPCI DSS Compliance. White Paper Parallels Remote Application Server
PCI DSS Compliance White Paper Parallels Remote Application Server Table of Contents Introduction... 3 What Is PCI DSS?... 3 Why Businesses Need to Be PCI DSS Compliant... 3 What Is Parallels RAS?... 3
More informationCO MySQL for Database Administrators
CO-61762 MySQL for Database Administrators Summary Duration 5 Days Audience Administrators, Database Designers, Developers Level Professional Technology Oracle MySQL 5.5 Delivery Method Instructor-led
More informationHigh availability with MariaDB TX: The definitive guide
High availability with MariaDB TX: The definitive guide MARCH 2018 Table of Contents Introduction - Concepts - Terminology MariaDB TX High availability - Master/slave replication - Multi-master clustering
More informationTIBCO Cloud Integration Security Overview
TIBCO Cloud Integration Security Overview TIBCO Cloud Integration is secure, best-in-class Integration Platform as a Service (ipaas) software offered in a multi-tenant SaaS environment with centralized
More informationARBOR DDoS PRODUCTS IN A GDPR COMPLIANT ENVIRONMENT. Guidelines and Frequently Asked Questions
ARBOR DDoS PRODUCTS IN A GDPR COMPLIANT ENVIRONMENT Guidelines and Frequently Asked Questions About NETSCOUT NETSCOUT SYSTEMS, INC. (NASDAQ: NTCT) assures digital business services against disruptions
More informationIntroduction. The Safe-T Solution
Secure Application Access Product Brief Contents Introduction 2 The Safe-T Solution 3 How It Works 3 Capabilities 4 Benefits 5 Feature List 6 6 Introduction As the world becomes much more digital and global,
More informationProtecting MySQL network traffic. Daniël van Eeden 25 April 2017
Protecting MySQL network traffic Daniël van Eeden 25 April 2017 Booking.com at a glance Started in 1996; still based in Amsterdam Member of the Priceline Group since 2005 (stock: PCLN) Amazing growth;
More informationI n p u t. This time. Security. Software. sanitization ); drop table slides. Continuing with. Getting insane with. New attacks and countermeasures:
This time Continuing with Software Security Getting insane with I n p u t sanitization ); drop table slides New attacks and countermeasures: SQL injection Background on web architectures A very basic web
More informationConfiguring Virtual Servers
3 CHAPTER This section provides an overview of server load balancing and procedures for configuring virtual servers for load balancing on an ACE appliance. Note When you use the ACE CLI to configure named
More information(System) Integrity attacks System Abuse, Malicious File upload, SQL Injection
Pattern Recognition and Applications Lab (System) Integrity attacks System Abuse, Malicious File upload, SQL Injection Igino Corona igino.corona (at) diee.unica.it Computer Security April 9, 2018 Department
More informationIntroduction With the move to the digital enterprise, all organizations regulated or not, are required to provide customers and anonymous users alike
Anonymous Application Access Product Brief Contents Introduction 1 The Safe-T Solution 1 How It Works 2-3 Capabilities 4 Benefits 4 List 5-11 Introduction With the move to the digital enterprise, all organizations
More informationPenetration Testing following OWASP. Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant
Penetration Testing following OWASP Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant За Лирекс Penetration testing A method of compromising the security of a computer system or network by
More informationIT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
More informationCompliance of Panda Products with General Data Protection Regulation (GDPR) Panda Security
Panda Security Compliance of Panda Products with General Data Protection Regulation (GDPR) 1 Contents 1.1. SCOPE OF THIS DOCUMENT... 3 1.2. GENERAL DATA PROTECTION REGULATION: OBJECTIVES... 3 1.3. STORED
More informationA Security Admin's Survival Guide to the GDPR.
A Security Admin's Survival Guide to the GDPR www.manageengine.com/log-management Table of Contents Scope of this guide... 2 The GDPR requirements that need your attention... 2 Prep steps for GDPR compliance...
More informationMobile Payment Application Security. Security steps to take while developing Mobile Application s. SISA Webinar.
Mobile Payment Application Security Security steps to take while developing Mobile Application s About SISA Payment Security Specialists PCI Certification Body (PCI Qualified Security Assessor) Payment
More information