Buffalo Event - Friday, December 7

Here is where we post UNYOUG events. The latest three entries show up on the right side of the main page for registration.
sam
Site Admin
Posts: 499
Joined: Mon Apr 09, 2007 11:56 am
Location: Rochester, NY

Post by sam »

UNYOUG Event
Friday, December 7, 2007

Buffalo State College
Buffalo NY

Bacon Hall Room 117



Area Map: http://www.buffalostate.edu/pdf/campusmap.pdf
Parking: See below

Presentations:

Tentative Agenda:

8:30 - 9:00     Registration and Networking, Continental Breakfast
9:00 - 9:15     Welcome
9:15 - 10:15    Wait-Time Based Oracle Performance Management - Confio Software
10:15 - 10:30   Break
10:30 - 11:30   Database Security Solving SQL injection Abstract - Sentrigo
11:30 - 12:30   Lunch
12:30 - 1:00    Oracle update, OpenWorld discussion
1:00 - 2:00     RMAN - ITEC
2:00 - 2:15     Break
2:15 - 3:15     DataGuard - ITEC
3:15 -          Raffles & wrap-up

Win one of two pairs of Buffalo Sabres tickets, courtesy of Serverware!

**Free Parking on Campus**
Free parking passes will be provided.  Tell us where to send it when registering, or get one on arrival.  The closest lot is Lot Y.

Registration:
A continental breakfast and lunch will be provided.  We need a count of persons attending to properly plan for this event.  If you are planning to attend, please pre-register for the meeting here:  http://www.unyoug.com/register.php.

Membership & Fees:
UNYOUG membership is $20 per year.  The fee for this event is waived!

Thanks!
Last edited by sam on Tue Dec 04, 2007 5:40 pm, edited 2 times in total.

Post by sam »

Wait-Time Based Oracle Performance Management
Matt Larson, CTO and Founder, Confio


There are many ways to use Oracle wait events for performance tuning of an Oracle database, but often there is confusion on exactly what the data means. The issue typically centers around the fact that the wait event data is analyzed at the wrong level or the collected wait event data is not detailed enough. This presentation will focus on these problems and review several real-life case studies of using wait event data coupled with Wait-Time based performance analysis to solve the most difficult performance-related issues.

Matt Larson is the Chief Technology Officer at Confio Software where he is responsible for current and future product strategy. Mr. Larson founded Confio Software, led the initial round of external financing, and led the company to first revenues and customer adoption. Prior to his involvement at Confio, Mr. Larson helped found an oil and gas technology company. In the span of a year, the company grew from four employees to over two hundred employees while raising over $110 million in venture capital. Mr. Larson is an international speaker on topics related to database technology. He is also the co-author of five best-selling technology books. Mr. Larson holds a Bachelor of Science in Business Administration from the University of Colorado where he graduated 1st in his class. He is also a member of the Mensa Society.

Post by sam »

Solving SQL injections that exploit zero-day vulnerabilities
Todd P. DeSantis, Sentrigo


Synopsis:
Though many types of SQL injection can be prevented by secure coding practices, one can limit and even stop SQL injection attacks by deploying the correct tools to protect applications and databases. Certain classes of SQL injection, including those exploiting zero-day vulnerabilities, can be entirely blocked by deploying deep inspection tools, which will be demonstrated in the presentation.

Takeaway:
This course will present a new angle on a popular attack vector on the database layer of applications: SQL Injection.
We will describe types and techniques of SQL Injection attacks on both web applications and built-in database stored program units.
We will show how simple SQL Injection can be used to own the database server through the means of privilege escalation.
We will also list ways of preventing SQL Injection attacks - ranging from secure coding practices to various external tools that will alert and prevent SQL Injection attempts, and demonstrate how hacker techniques of evasion can be used to subvert them.
Finally, we will introduce new deep inspection tools that can prevent SQL injection, even in zero-day scenarios.

Take away points:
•   What is an SQL Injection attack
•   Secure coding practices
•   Existing tools for SQL Injection prevention and techniques to evade them
•   New resilient technologies used to entirely solve SQL injections, even those exploiting zero-day vulnerabilities

Todd DeSantis brings a wealth of technical knowledge and a passion for using technology to better society to his position as lead North American Sales Engineer at Sentrigo. With a background in computer science from Worcester Polytechnic Institute, Todd has been using his understanding of computer programming and database systems throughout his career. At Sentrigo, Todd is striving to bring a higher level of database security and safety to the enterprise. Prior to Sentrigo, Todd successfully helped Fortune 50 companies rethink data access paradigms with Endeca Technologies. Todd started his career at Enerjy Technologies where he helped organizations improve overall levels of Java code quality and visibility. In his spare time Todd, an avid audiophile, enjoys working toward creating the 'absolute sound' with hi-fi audio systems, and enjoys many different genres of music.

Post by sam »

RMAN
Paul Hebert, Senior Programmer/Analyst, Information Technology Exchange Center


ITEC is moving from a scripted backup environment to one that makes use of Oracle's RMAN product.  The plan is to deploy and manage this via Grid Control.

Post by sam »

Data Guard
Erik Snyder, Senior Programmer/Analyst, Information Technology Exchange Center


Will discuss how ITEC will utilize Data Guard to safeguard campuses' databases.  Data Guard concepts and practical 'how to' information will be shared.