Hackproofing Oracle eBusiness Suite

Presented at Black Hat USA 2016, Aug. 3, 2016, 11:30 a.m. (50 minutes)

A recent security review by David Litchfield of Oracle's eBusiness Suite (fully patched) revealed it is vulnerable to a number of (unauthenticated) remote code execution flaws, a slew of SQL injection vulnerabilities and Cross Site Scripting bugs. Because the product is used by large corporations across the globe, the question becomes how one secures it given its weaknesses. This talk will examine those weaknesses with demonstration exploits, then look at how one can protect their systems against these attacks.


Presenters:

  • David Litchfield - Google
    David Litchfield is recognized as one of the world's leading authorities on database security. He is the author of the Oracle Hacker's Handbook, the Database Hacker's Handbook, SQL Server Security and is the co-author of the Shellcoder's Handbook. With over 220 CVE-IDs attributed to David since 1999, and after 8 CERT advisories issued based upon his research (no - he didn't write SQL Slammer but he did find the flaw it exploited!), he is currently working for Google as a security engineer.
