Oracle Security with Rob Lockard


Details
Have you ever wondered how vulnerable your data is? This is your chance to learn how to protect your company's greatest asset and liability. Treat yourself to Rob Lockard's vast knowledge in this area.
Holistic Database Security
For years we have been locking down the software to protect information. This presentation puts the focus where it belongs: identifying, protecting, and selecting the correct tools to protect your data.
Starting with a brief history of security breaches and their impact on both companies and consumers, the presenter will move through a methodology for identifying sensitive information, creating a risk matrix, and selecting from the tools available to mitigate information leaks.
- Attack vectors. How does your information leak? Includes an open and frank discussion of organized gangs (i.e. Anonymous).
- Risk identification and mitigation. Identify the risks in your system and come up with mitigation strategies.
- Audit. Identify what to audit based on your risks. Audit too much and you will get bogged down; audit too little and you may miss a breach of security.
- Database encryption. Encrypting the database, the tablespace, the tables or atomic data? What is the cost and how do you accomplish it?
- Network encryption. What are the risks of a man-in-the-middle attack? How to set up network encryption.
- Backup encryption. What are the risks of losing a backup tape? How to encrypt backups using RMAN.
- Data redaction. Who gets to see sensitive data? Do you want to expose credit card numbers or other PII to users? An introduction to setting up data redaction.
PL/SQL Secure Coding practices
This is a 45-minute session that expands on the “Holistic Database Security” presentation and will help you secure your high-performance code from SQL injection attacks.
We will examine common errors in PL/SQL that lead to SQL injection attacks. This session will define the SQL injection attack vector and show various ways to write code that is immune to SQL injection and to improve the performance of your code.
- We will be covering a code architecture that separates data from code and also helps trace bottlenecks.
- We will be covering Oracle PL/SQL 12c features that limit access paths to data, thereby implementing part of the trusted path.
- We will be covering other PL/SQL features from before 12c that help to ensure your PL/SQL does what you expect it to do.
- We will be covering how to handle errors in your code. One of the first things an attacker will try to generate is error messages, to learn about your system. These error messages can tell the attacker what database and version you are running, and whether their SQL injection attack is properly constructed.
--------------------------------------------------------------------------------------
Bio
Robert P. Lockard is an Oracle ACE Director and a professional Oracle DBA, designer, developer, and project manager. For the past twenty years he has worked as an independent consultant providing quality services to his customers at a reasonable price. He has worked in financial intelligence, tracking money laundering, terrorist money and identity theft. He has also worked in the cyber crimes arena, tracking attacks on information systems. Robert specializes in evaluating and securing your Oracle database environment from threats both external and internal.
In 1987 Robert’s boss called him into his office, told him that he was now their Oracle Wizard, and handed him a stack of Oracle tapes. Since then, Robert has worked exclusively as an Oracle database designer, developer, database administrator and project manager.
Robert enjoys flying vintage aircraft, racing sailboats, photography, and technical diving. He owns and flies the “Spirit of Baltimore Hon”, a restored 1948 Ryan Navion, and lives in Glen Burnie, Maryland, on Marley Creek.

