2012.0x0010 (Oct)
October Meeting details
Speaker: Mano ‘dash4rk’ Paul
CEO, SecuRisk Solutions and Express Certifications
Topic: SQL Injection and Soul Injection attacks
Date: October 12th, 2012
Time: 12:00 – 1:00 p.m. with introductions beginning at 11:30 a.m.
Venue: Microsoft Technology Center at Quarry Oaks 2.
Address: 10900 Stonelake Blvd. Suite 225. Austin, TX 78759
Synopsis:
Take the attacks by hacktivist groups such as Anonymous or LulzSec, or for that matter any security breach prevalent today, and more often than not you will find that the attackers are exploiting vulnerabilities in applications that have been known for a long time. Injection flaws are one such class of vulnerability. The OWASP Top 10 lists injection as the topmost risk in applications today. Although SQL injection is rampant, injection flaws are not limited to backend data stores; they affect operating systems, directory stores and XML documents as well.
In this special HackFormers AppSec edition meeting, Mano Paul will cover the different types of injection flaws and demonstrate SQL injection in depth, in the first part of his talk. The demo will show how a hacker will go about attempting to exploit an injection vulnerability, highlight the anatomy of a SQL injection attack and showcase the various impacts upon a successful breach. Effective mitigation strategies that you can implement to build highly secure software will be discussed.
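To make the "anatomy" and "mitigation" points of the synopsis concrete, here is an added example that is not part of the announcement or of Mano Paul's talk: a lookup written with string concatenation next to the same lookup written as a parameterized query, run against a constructed in-memory SQLite table (the `users` table, the sample rows and the function names are all assumptions made for this demo). The vulnerable version lets a classic tautology input change the structure of the query and return every row; the parameterized version treats the same input as a plain value and matches nothing.

```python
import sqlite3

# Constructed sample data for the demo; not taken from the talk or any real system.
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
]


def build_demo_db():
    """Create an in-memory SQLite database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_user_vulnerable(conn, username):
    """Injectable lookup (hypothetical): user input is concatenated into the SQL text.

    Because the input becomes part of the query string, a quote in the input
    can terminate the literal and append new conditions, changing the query's
    structure rather than just the value being compared.
    """
    query = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_user_safe(conn, username):
    """Mitigated lookup (hypothetical): a parameterized query.

    The SQL structure is fixed before the input is seen; the driver passes the
    value separately, so quotes and keywords in it are only ever data.
    """
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def demo():
    """Run both lookups with a normal name and with a tautology input."""
    conn = build_demo_db()
    tautology = "' OR '1'='1"  # textbook demonstration input, constructed here
    return {
        "vulnerable_normal": lookup_user_vulnerable(conn, "alice"),
        "vulnerable_payload": lookup_user_vulnerable(conn, tautology),  # all three rows
        "safe_normal": lookup_user_safe(conn, "alice"),
        "safe_payload": lookup_user_safe(conn, tautology),  # no rows
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The fix is not escaping or filtering the input but keeping query structure and data on separate channels; parameterized queries (or an ORM that uses them) do that for every database the talk's list of injection targets includes. Pairing them with a database account that has only the privileges the application needs limits the impact if a concatenated query is ever missed in review.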
The second part of the talk will focus on faith and life issues and on how injection attacks are possible and conducted against one's soul. It will focus on the controls one needs to adopt to secure one's soul, drawing the parallel from SQL injection to soul injection. How prepared are you to deal with either?
Manoranjan (Mano) Paul (@manopaul) is the appointed Software Assurance Advisor for (ISC)2, representing and advising the organization on software assurance strategy, training, education and certification. He is also a member of the Application Security Advisory Board and the winner of the very first Information Security Leadership Awards (ISLA) as a practitioner in the Americas region.
His information security and software assurance experience includes designing and developing security programs from compliance to coding, security in the SDLC, writing secure code, risk management, security strategy, and security awareness training and education. Mr. Paul started his career as a shark researcher at the Bimini Biological Field Station, Bahamas. His educational pursuit took him to the University of Oklahoma, where he received his Business Administration degree in Management Information Systems (MIS) with various accolades and a 4.0 GPA. Following his entrepreneurial acumen, he founded and serves as the CEO & President of Express Certifications, a professional certification assessment and training company that developed studISCope, (ISC)2's official self-assessment offering for its certifications. Express Certifications is also the self-assessment testing company behind the US Department of Defense certification education program mandated by the 8570.1 directive. He also founded SecuRisk Solutions, a company that specializes in security product development and consulting. Before Express Certifications and SecuRisk Solutions, Mr. Paul held several roles at Dell Inc., from software developer, quality assurance engineer, logistics manager, technical architect and IT strategist to security engineer/program manager/strategist.
Mr. Paul is the author of The 7 Qualities of Highly Secure Software and the Official Guide to the CSSLP (Certified Secure Software Lifecycle Professional), is a contributing author to the Information Security Management Handbook, and has contributed on several security topics to the Microsoft Solutions Developer Network (MSDN). He has served as Vice-President and industry representative of the Capitol of Texas Information Systems Security Association (ISSA) chapter and is an appointed faculty member there. He has been featured at various domestic and international security conferences and is an invited speaker and panelist, delivering talks and keynotes at conferences such as the Security Congress, SANS, OWASP, ASIS, CSI, Gartner Catalyst, SC World Congress, and TRISC. Mr. Paul holds the following professional certifications: CSSLP, CISSP, AMBCI, MCSD, MCAD, CompTIA Network+ and ECSA.
Mano is married to Sangeetha, whom he calls the “most wonderful and sacrificial person in this world” and their great joy includes spending time with their two sons – Reuben and Ittai.