What to bring:

Basic networking knowledge is required and a familiarization with database concepts would be beneficial. Experience or knowledge of specific database solutions is desirable, though not essential in order to complete the course satisfactorily.

Participants are requested to bring their own laptops installed with a either Microsoft® Windows® 2000 or Windows XP, fully patched.

This class provides an VMware attack image for students to use - although VMware workstation is *not* required, students are urged to have at least 512MB of RAM for best performance.

Black Hat USA 2009 Weekend Training Session

July 25-26

Black Hat USA 2009 Weekday Training Session

July 27-28

Advanced Database Security Assessment

Kev Dunn, NGS Software & Wade Alcorn, NGS Software

Overview

Computer networks are built to support business functionality and beyond communication the result of business is data. The data important to your business is your company’s digital assets—it needs organization, maintenance and above all protection from malicious attackers. The modern corporate enterprise contains database solutions used to take care of data such as client credit card numbers, customer names and addresses—even the entire employee pay roll. Ensuring that this data can’t get into the hands of unauthorized employees, your competitors or punk kids trading card numbers on IRC means that you need to recognize and secure it from this threat. The evolution of security training has shown us that the most effective way to learn about security is by learning from the people that know how to attack your systems. By understanding the threat from the attacker’s perspective, you can develop effective assessment methodologies and ultimately secure what really matters from ever increasing threats.

NGSSoftware (http://www.ngssoftware.com) is offering the chance to benefit from the experience of its consultants and award-winning research team. This course teaches how to recognize the insecurities present within common database systems and how these flaws can leave you wide open to attack. It is tailored to teach security consultants, database administrators and IT professionals how hackers discover and exploit vulnerabilities to gain access to your data and further penetrate internal networks. By learning these techniques, we can discover the flaws for ourselves and effectively develop strategies to keep attackers out.