Denim Group has been acquired by Coalfire. Learn More>>

Denim Group at SOURCE Boston 2012: What Permissions Does Your Database User REALLY Need?

SOURCE Boston 2012 is next week and I’ll be up there Tuesday and Wednesday. I’ll be presenting “What Permissions Does Your Database User REALLY Need” from 2:00pm – 2:50pm on Tuesday April 17th. The abstract for the talk is:

Attaching web applications to databases as “sa” or “root” might be easy but it is also a horrible idea. This presentation provides a methodology as well as tools to create fine-grained database user permissions based on application-specific requirements. The negative impact of permissive database user account permissions is demonstrated alongside the potential benefits of constrained database user access. Tools for the automated creation of security-role-specific MySQL user permission policies will be demonstrated and these will be used as a model for making “least privilege” database accounts a standard practice in web application deployment.

I’ll be introducing a tool called “sqlpermcalc” during the talk that takes a set of SQL queries run through a MySQL database and uses them to create a “least privilege” set of permissions that would be required to run those queries. You can get a preview of the sqlpermcalc code at the Github site here.

Contact us if you would like to meet up at SOURCE Boston 2012.

dan _at_


Posted via email from Denim Group’s Posterous

About Dan Cornell

Dan Cornell Web Resolution

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.
More Posts by Dan Cornell

Categories: Uncategorized

Leave a Reply

Your email address will not be published. Required fields are marked *