[cs615asa] HW#N--Xiaoyan Zheng

Xiaoyan Zheng xzheng9 at stevens.edu
Thu Apr 30 21:23:57 EDT 2015


Hello,
I joined the meetup "Cyber Security Meet-up @ UBS" on April 15th.

There were four sessions in this meeting. Section 1 was "New York Metro
Joint Cyber Security Conference"; section 2 was "Exploiting SAP ASE via SQL
injections in database core"; section 3 was "Teaching the Teachers:
Building NextGen Cyber Warriors & Defenders", and section 4 was "Unifying
Appsec Automation Across Dev and Ops with Deep Security Instrumentation".

Only sections 2 to 4 related to system administration. In the meeting,
Martin Rakhmanov talked about database security. First, he told us what
SQL injection is and what SAP Adaptive Server Enterprise is. Then he showed
us how internal SQLi could be exploited. As he said, internal SQLi could be
utilized from a web application to gain control of the server and desktop
application which has normal commands. At the end of Martin Rakhmanov's
talk, he also pointed out that in order to prevent SQL injection, it is
necessary to monitor database activity, patch on time, and watch for the
security notes.

In section 3, two guys talked about the education of cyber security. The
growth of the cyber field, hacks, network security and application security
as well, made it much more important for people to pay attention to system
security. In the talk, they pointed out that classes on cyber security were
not required in school until now; however, they thought it was necessary
for students to take such classes. They also said corporations would help
enhance the education of cyber security.

In the last section, Jeff Williams gave us a talk about "Unifying Appsec
Automation Across Dev and Ops with Deep Security Instrumentation". In his
talk, he pointed out how people have been doing in recent years: there is
only 22.4 assurance, and 10% coverage of system security, and also, process
fit mad. Then he showed us two kinds of testing tools: one is SAST, and the
other is DAST.

The website of this meetup is,
http://www.meetup.com/OWASP-NYC/events/219884058/