Nov 06, 2018
 Percona Live Open Source Database Conference Europe 2018
  David Busby

Web application security - why you should review yours

In this talk we take a look at the whole stack, and not just LAMP. We'll
cover what an attack surface is and some of the areas you can look at to
reduce yours.

What's an attack surface?

Acronym hell: what do they all mean?

Vulnerability naming: is the media's naming of bugs stupidity, or does it
drive the message home?
Detection, prevention, and avoiding the boy who cried wolf.
Emerging technologies to keep an eye on, or even implement yourself, to
help improve your security posture.

A live compromise demo (or a backup video if something fails) which walks
through compromising a PCI-compliant network to reach the database system,
then chaining multiple failures to gain a bash shell over the MySQL
protocol.
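The abstract does not say which failures the demo chains together, so the following is an added example and not material from the talk: a set of audit queries for the MySQL settings and grants that most commonly let a database session reach the operating system (the FILE privilege combined with a permissive secure_file_priv and a writable plugin_dir is the classic route to loading a user-defined function that runs OS commands). Run them as an administrative account; the table and variable names are standard MySQL/Percona Server ones, and the interpretation in the comments is the editor's, not the speaker's.

```sql
-- Added audit queries (not from the talk). Each one surfaces a setting that
-- widens the attack surface of the database host; what "bad" looks like is
-- noted beside it.

-- 1. Accounts holding FILE (read/write server-side files via LOAD DATA and
--    SELECT ... INTO OUTFILE) or SUPER. Application accounts should hold neither.
SELECT GRANTEE, PRIVILEGE_TYPE, IS_GRANTABLE
FROM information_schema.USER_PRIVILEGES
WHERE PRIVILEGE_TYPE IN ('FILE', 'SUPER', 'CREATE USER', 'SHUTDOWN')
ORDER BY GRANTEE, PRIVILEGE_TYPE;

-- 2. Where may the server read and write files? An empty value means "anywhere
--    the mysqld OS user can write"; NULL disables the feature. Prefer NULL or a
--    dedicated directory that is not plugin_dir.
SHOW VARIABLES LIKE 'secure_file_priv';

-- 3. Where are UDF shared objects loaded from? If a FILE-privileged session can
--    drop a file here (see 2), CREATE FUNCTION ... SONAME will load it.
SHOW VARIABLES LIKE 'plugin_dir';

-- 4. User-defined functions already registered. Anything unexpected here
--    (especially names like sys_exec or sys_eval) deserves an explanation.
SELECT name, ret, dl, type FROM mysql.func;

-- 5. Client-side file reads: local_infile lets a malicious server (or a
--    hijacked connection) pull files from the client host. OFF unless needed.
SHOW VARIABLES LIKE 'local_infile';

-- 6. Accounts reachable from any host, or with no credential set at all.
--    (MySQL 5.7+/8.0 column names; older servers use `password` instead.)
SELECT user, host, plugin, (authentication_string = '') AS empty_auth
FROM mysql.user
WHERE host = '%' OR authentication_string = ''
ORDER BY user, host;
```

None of these queries changes anything; they only show where a compromised application account would be able to go next. Removing FILE from application users, pointing secure_file_priv at a dedicated directory (or NULL), and keeping plugin_dir read-only for the mysqld OS user each close one link in the kind of chain the demo relies on, without waiting to fix the web-tier bug that got the attacker a database session in the first place.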



About the Author

David Busby

David has been a Linux systems admin for around 14 years, generally in a range of roles: development, network admin, support, DBA, and more. He is a Fedora user and a fan of Puppet (not so much the hat, nor Bert & Ernie, however). As time allows, he contributes to the EPEL packages for OpenStack. He has an interest in infosec, and so is generally paranoid about security. He is also familiar with metasploit, sqlmap, john and oclHashCat, and has written a few Python tools. Living in Whitchurch, United Kingdom, he holds a 2nd dan black belt in Ju-Jitsu and, with his father and uncle, helps to teach at a local non-profit club for ages 6 and up. He also teaches computing to students at a local school using the Raspberry Pi, running Raspbian, as the platform. He is proud that they are starting to grow beyond basic networking and logical programming patterns, and are thinking about solving problems with basic robotics.