CICEM2013 Workshops

 

ORACLE Cloud Computing, and Security Workshop

Dr. Amjad M Daoud

Oracle Certified Professional (OCP DBA)


ABSTRACT:

The Oracle Exadata and RAC Workshop is a hands-on workshop. It is meant for IT Security Managers, who are serious about addressing their information infrastructure challenges. The focus of the workshop is the Oracle database environment. At the end of the workshop session, attendees will understand how to:

  • Establish a first line of defense against SQL Injection to block and monitor malicious or unauthorized database activity using the Oracle Database Firewall

  • Encrypt Sensitive Data using the Advanced Security Option

  • Enforce Strict Access Controls Policy and Separation of Duties using Database Vault

  • Simplify and Automate Database Audit and Compliance Reporting using Audit Vault

Attendee Requirements: attendees must bring Network Aware Laptop

Agenda:
Welcome & Introductions
 
Describe Oracle RAC 11g R2
Describe Oracle Cloud Computing, ExaData With Oracle RAC 11g R2, and Grid Infrastructure
Encrypting Sensitive Data
Advanced Security Option Lab
Enforcing Strict Access Controls Policy and Separation of Duties
Database Vault Lab
Simplify and Automate Database Audit and Compliance Reporting
Audit Vault Lab
Establish a First Line of Defense to Block SQL Injection
Database Firewall
 
Summary, Close & Evaluations
 

 

The Concept of the Windows Communication Foundation Framework

Director Khair Ardah

MCP, MCAD.Net, MCSD.Net, MCDBA, MCT, MCTS

ABSTRACT:

Securing distributed systems continues to be an important research challenge. One hard problem in securing a distributed system arises from the fact that a remote software platform may be compromised and running malicious code. In particular, a compromised platform may exhibit arbitrarily malicious behavior. The task of remote code attestation then is to identify what software is running on a remote platform and to detect a corrupted participant. (BIND: A Fine-grained Attestation Service for Secure Distributed Systems, Carnegie Mellon University).
 
So that in our Presentation we will focus on the Concept of WCF Framework, and how to use it to secure these systems.
 

Agenda:
Welcome & Introductions
 
Distributed System Overivew
Brief History of Service Orientation
Introducing Windows Communication Foundation
WCF Architecture
WCF Bindings Protocol
WCF Security Mode and Transfer Protection Level
Client Credential Type
 
Summary, Close & Evaluations

 

 

 

Introduction to MapReduce


MapReduce may be Google's secret weapon for dealing with enormous quantities of data, but many programmers see it as intimidating and obscure. This video master class shows you how to build simple MapReduce jobs, using concrete use cases and descriptive examples to demystify the approach. All you need to get started is basic knowledge of Python and the Unix shell.

Agenda:
Welcome & Introductions
 
What is MapReduce?
Your First MapReduce Job
Running a Job on Amazon's Elastic MapReduce
Running Larger Jobs
 
Summary, Close & Evaluations
 

 

Web Security Vulnerabilities


Director Khair Ardah

MCP, MCAD.Net, MCSD.Net, MCDBA, MCT, MCTS

ABSTRACT:

"No language can prevent insecure code, although there are language features which could aid or hinder a security-conscious developer." "-Chris Shiflett 
 

For many organizations, web sites serve as mission critical systems That must operate smoothly to process millions of dollars in daily Online transactions. However, the actual value of a web site needs to Be appraised on a case-by-case basis for each organization. Tangible And intangible value of anything is difficult to measure in monetary Figures alone. 
Web security vulnerabilities continually impact the risk of a web site. When any web security vulnerability is identified, performing the Attack requires using at least one of several application attacks Techniques. These techniques are commonly referred to as the class Of attack (the way security vulnerability is taken advantage of).  Many of these types of attack have recognizable names such as Buffer Overflows, SQL Injection, and Cross-site Scripting. As a Baseline, the class of attack is the method the Web Security Threat Classification will use to explain and organize the threats to a web Site. So, in This Workshop we will discuss 4 common used Vulnerabilities to attack any website as follow:

  1. Cross Site Scripting.

  2. Form and Parameter Tampering.

  3. SQL Injection.

  4. Session/cookies stolen and poisoning.


 
Agenda:
Welcome & Introductions
Introduce Web Applications Vulnerabilities
SQL Injection with Demo
Cross Site Scripting with Demo
Form and Parameter Tampering with Demo
Session/Cookies Stolen and poisoning with Demo
Summary, Close & Evaluations
 

 

©2013 Jordan ACM Professional Chapter - ISWSA