Denim Group hosted the February meeting of the San Antonio chapter of the Open Web Application Security Project (OWASP). Dan Cornell presented, and the topic was “The Second Most Secure Database.” The presentation abstract was:
The most secure database server is one that is turned off, disconnected from the network, and sealed in cement. Unfortunately this database is not terribly useful. In the real world the database must be turned on, on the network, and processing queries. This presentation will explore the threats to databases and discuss technologies and techniques for mitigating these risks. This will include a STRIDE-based threat model for a typical database server backing a web application and specific examples will be explored for both Microsoft’s SQL Server 2005 and MySQL 5.0.
We had a great turnout, including one brave developer who came down from Austin to learn more about securing web application databases.
The slide deck from the presentation is online here.