Featured

MySQL 5.7
Support

Percona Server for MySQL
Learn More

Compare Percona to Leading Database Solutions

Start

Percona Products

Percona Services

Use Cases

Percona Resources

Software
Downloads

All of Percona’s open source software products, in one place, to download as much or as little as you need.

View Downloads

Valkey Contribution

Learn More

Product Documentation

View Documentation

Resource Hub

A single source for all resources

Webinars

Presentations

Datasheets

Ebooks

Downloads

Solution Briefs

Case Studies

Percona Videos

White Papers

Documentation

View All Resources

Why Percona for MongoDB?

Learn More

Why Percona for PostgreSQL?

Learn More

Percona Blog

Percona Blog

Our popular knowledge center for all Percona products and all related topics.

View The Blog

Community

Percona Community Hub

A place to stay in touch with the open source community

Forums

Community Blog

PMM Contributions

Explore The Community

Events

Percona Events Hub

See all of Percona’s upcoming events and view materials like webinars and forums from past events

Percona.connect events

Upcoming Events

View Our Events

About

About Percona

Percona is an open source database software, support, and services company that helps make databases and applications run better.

Learn More

Percona in the News

See Percona’s recent news coverage, press releases and industry recognition for our open source software and support.

News coverage
Press Releases

Our Customers

Learn More

Our Partners

Learn More

Careers

Learn More

Contact Us

Let's Talk

Web Application Security – Why You Should Review Yours

03/14/2019

Percona Technical Webinar

David Busby

In this talk, we take a look at the whole stack and I don’t just mean LAMP. We’ll cover what an attack surface is and some areas you may look to in order to ensure that you can reduce it. What’s an attack surface? Acronym Hell, what do they mean? Vulnerability Naming, is this media naming stupidity or driving the message home? Detection, Prevention and avoiding the boy who cried wolf. Emerging technologies to keep an eye on or even implement yourself to help improve your security posture. A live compromise demo (or backup video if something fails) which covers compromising a PCI compliant network structure to reach the database system and ultimately exploit multiple failures to gain bash shell access over the MySQL protocol.
Download slides
David Busby

David Busby

David has been a Linux systems admin for around 14 years, and generally in different roles – development, network admin, support, DBA, and more. He is a Fedora user and a fan of puppet (not so much the hat – nor Bert & Ernie, however). As time allows, he contributes to the EPEL packages for Openstack. He has an interest in infosec, and so is generally paranoid about security. He is also familiar with metasploit, sqlmap, john, oclHashCat, and has also written a few python tools. Living in Whitchurch, United Kingdom, he holds a 2nd dan black belt in Ju-Jitsu and, with his Father and Uncle, helps to teach at a local non-profit club with ages ranging from 6+. He also teaches computing to students at a local school using the Raspberry Pi as the platform running Raspbian. He is proud that they’re starting to grow beyond basic networking and logical programming patterns to get the students thinking about solving problems with basic robotics.