SQL Injection Attacks and Defense
- Oswald Marshall
- 6 years ago
SQL Injection Attacks and Defense
Second Edition

Justin Clarke

AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO

Syngress is an Imprint of Elsevier
Acquiring Editor: Chris Katsaropoulos
Development Editor: Heather Scherer
Project Manager: Jessica Vaughan
Designer: Russell Purdy

Syngress is an imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA

© 2012 Elsevier, Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website:

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.

To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

Library of Congress Cataloging-in-Publication Data
Application submitted

British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.

ISBN:

Printed in the United States of America

For information on all Syngress publications visit our website at
Acknowledgements

Justin would like to thank the Syngress editing team (and especially Chris Katsaropoulos and Heather Scherer) for once again being willing to take on a book which (in the publishing industry) has a ridiculous number of authors involved. He'd also like to thank, in his role as chief cat-herder, the author team for all pulling together to get this project completed.

Justin would like to dedicate this book to his daughter Adena for being a continual delight to him.

Dave would like to express heartfelt thanks to his extremely beautiful wife Nicole and daughter Isla Rose, who continuously support and inspire him in all endeavors.

Sumit "Sid" Siddharth would like to thank his beautiful wife Supriya and his gorgeous daughter Shriya for their support. He would also like to thank his pentest team at 7Safe for putting up with him.

Alberto would like to dedicate this book to all the hackers worldwide who have researched the material and written the tools described in this book. I would also like to dedicate it to Franziskaner Weissbier Brewery, Munich, without which my contribution would not have been possible.
Contributing Authors

Rodrigo Marcos Alvarez (CREST consultant, MSc, BSc, CISSP, CNNA, OPST, MCP) is the technical director of SECFORCE, a leading penetration testing consultancy. When not leading the technical team, Rodrigo still enjoys getting actively involved in the delivery of security assessments and getting his hands dirty writing tools and working on interesting new hacking techniques. Rodrigo is a contributor to the OWASP project and a security researcher. He is particularly interested in network protocol analysis via fuzzing testing. Among other projects, he has released TAOF, a protocol agnostic GUI fuzzer, and proxyfuzz, a TCP/UDP proxy which fuzzes network traffic on the fly. Rodrigo has also contributed to the web security field by releasing bsishell, a Python interacting blind SQL injection shell, and developing TCP socket reusing attacking techniques.

Kevvie Fowler (GCFA Gold, CISSP, MCTS, MCDBA, MCSD, MCSE) leads the TELUS Security Intelligence Analysis practice where he delivers advanced event analysis and proactive intelligence to protect customers against present and emerging threats. He is also the founder and principal consultant of Ringzero, a security research and forensic services company. Kevvie's recent research has focused on database forensics, rootkits and native encryption flaws which he has presented at industry conferences including Black Hat, SecTor and OWASP AppSec Asia. Kevvie is author of SQL Server Forensic Analysis and contributing author to several information security and forensics books. As a recognized SANS forensicator and GIAC Advisory Board member he helps guide the direction of emerging security and forensic research. Kevvie serves as a trusted advisor to public and private sector clients and his thought leadership has been featured within Information Security Magazine, Dark Reading and Kaspersky Threatpost.

Dave Hartley is a Principal Security Consultant for MWR InfoSecurity operating as a CHECK and CREST Certified Consultant (Application and Infrastructure). MWR InfoSecurity supply services which support their clients in identifying, managing and mitigating their Information Security risks. Dave has performed a wide range of security assessments and provided a myriad of consultancy services for clients in a number of different sectors, including financial institutions, entertainment, media, telecommunications, and software development companies and government organizations worldwide. Dave also sits on the CREST assessors and NBISE advisory panels, where he invigilates examinations and collaboratively develops new CREST examination modules. CREST is a standards-based organization for penetration test suppliers incorporating a best practice technical certification program for individual consultants. Dave has also been actively engaged in creating a US centric examination process in conjunction with NBISE. Dave has been working in the IT Industry since 1998 and his experience includes a range of IT Security fields and disciplines. Dave is a published author and regular contributor to many information security periodicals and is also the author of the Bobcat SQL injection exploitation tool.

Alexander Kornbrust is the founder of Red-Database-Security, a company specializing in database security. He provides database security audits, security training and consulting to customers worldwide. Alexander is also involved with designing and developing the McAfee Security Scanner for Databases, the leading tool for database security. Alexander has worked with Oracle products since 1992 and his specialties are the security of Oracle databases and architectures. He has reported more than 1200 security bugs to Oracle and holds a master's degree (Diplom-Informatiker) in computer science from the University of Passau.

Erlend Oftedal works as a consultant at Bekk Consulting AS in Oslo in Norway and has been head of Bekk's security competency group for several years. He spends his days as a security adviser and developer for Bekk's clients, and he also does code reviews and security testing. He has done talks on web application security at both software development and security conferences like Javazone and OWASP AppSec Europe, and at user groups and universities in Norway and abroad. He is a security researcher and is very involved in the OWASP Norway chapter. He is also a member of the Norwegian Honeynet Project. Erlend holds a master's degree in computer science from the Norwegian University of Science and Technology (NTNU).

Gary O'Leary-Steele (CREST Consultant) is the Technical Director of Sec-1 Ltd, based in the UK. He currently provides senior-level penetration testing and security consultancy for a variety of clients, including a number of large online retailers and financial sector organizations. His specialties include web application security assessment, network penetration testing and vulnerability research. Gary is also the lead author and trainer for the Sec-1 Certified Network Security Professional (CNSP) training program that has seen more than 3000 attendees since its launch. Gary is credited by Microsoft, RSA, GFI, Splunk, IBM and Marshal Software for the discovery of security flaws within their commercial applications.

Alberto Revelli is a security researcher and the author of sqlninja, an open source toolkit that has become a weapon of choice when exploiting SQL Injection vulnerabilities on web applications based on Microsoft SQL Server. As for his day job, he works for a major commodities trading company, mostly breaking and then fixing anything that happens to tickle his curiosity. During his career he has assisted a multitude of companies including major financial institutions, telecom operators, media and manufacturing companies. He
More informationITIL Intermediate Continual Service Improvement (CSI) Certification Boot Camp - Brochure
ITIL Intermediate Continual Service Improvement (CSI) Certification Boot Camp - Brochure Gain Knowledge to Align IT Services to Business Needs US Course Name : CISSP Version : INVL_CISSP_BR_02_089_1.2
More informationLes joies et les peines de la transformation numérique
Les joies et les peines de la transformation numérique Georges Ataya CISA, CGEIT, CISA, CISSP, MSCS, PBA Professor, Solvay Brussels School of Economics and Management Academic Director, IT Management Education
More informationVal-EdTM. Valiant Technologies Education & Training Services. Workshop for CISM aspirants. All Trademarks and Copyrights recognized.
Val-EdTM Valiant Technologies Education & Training Services Workshop for CISM aspirants All Trademarks and Copyrights recognized Page 1 of 8 Welcome to Valiant Technologies. We are a specialty consulting
More informationEthical Hacking & Information Security. Justin David G. Pineda Asia Pacific College
Ethical Hacking & Information Security Justin David G. Pineda Asia Pacific College Topics for today: Is there such thing as ethical hacking? What is information security? What are issues that need to be
More informationPOSITION DESCRIPTION
Network Security Consultant POSITION DESCRIPTION Unit/Branch, Directorate: Location: Regulatory Unit Information Assurance and Cyber Security Directorate Auckland Salary range: I $90,366 - $135,548 Purpose
More informationIT in Healthcare Day
San Francisco ISACA Chapter Proudly Presents IT in Healthcare Day A Day-Long, Multi-Session Event, being held in Walnut Creek! Where: Walnut Creek Marriott - 2355 North Main Street Walnut Creek, CA 94596
More informationAre we breached? Deloitte's Cyber Threat Hunting
Are we breached? Deloitte's Cyber Threat Hunting Brochure / report title goes here Section title goes here Have we been breached? Are we exposed? How do we proactively detect an attack and minimize the
More informationDesign your network to aid forensics investigation
18th Annual FIRST Conference Design your network to aid forensics investigation Robert B. Sisk, PhD, CISSP Senior Technical Staff Member IBM Baltimore, Maryland USA Master Outline Introduction Incident
More informationNISTCSF.COM. NIST Cybersecurity Framework (NCSF) Workforce Development Solutions
NISTCSF.COM NIST Cybersecurity Framework (NCSF) Workforce Development Solutions AGENDA The Cybersecurity Threat Landscape The Cybersecurity Challenge NIST Cybersecurity Framework NICE Cybersecurity Workforce
More informationCYBER SECURITY TRAINING
CYBER Security skills for the digital age. Cyber Crime has never been more predominant. The number of breaches is exponentially rising year on year leading to an ever increasing Cyber Security threat.
More informationLinux Command Line and Shell Scripting Bible. Third Edtion
Linux Command Line and Shell Scripting Bible Third Edtion Linux Command Line and Shell Scripting BIBLE Third Edition Richard Blum Christine Bresnahan Linux Command Line and Shell Scripting Bible, Third
More informationITIL 2011 Foundation Certification Training - Brochure
ITIL 2011 Foundation Certification Training - Brochure The Launchpad for a Career in IT Service Management Course Name : ITIL Foundation Version : INVL_ITILF_BR_02_026_1.2 Course ID : ITSM - 109 www.invensislearning.com
More informationMitigating Security Breaches in Retail Applications WHITE PAPER
Mitigating Security Breaches in Retail Applications WHITE PAPER Executive Summary Retail security breaches have always been a concern in the past, present and will continue to be in the future. They have
More information