
Countering Adversaries Part 3: Hacktivists and SQL Injection Attacks

Activists break into organizational web applications and databases to find personal and organizational data in order to expose this private information. The Verizon Data Breach Investigations Report says “Hacktivists generally act out of ideological motivations, but sometimes just for the fun and epic lutz.” In this third webcast of a three-part series, (ISC)2 and Oracle will examine their number one tool of choice: SQL injection attacks. SQL injection attacks are both simple to perform and difficult to detect. We’ll discuss detecting and blocking SQL injection attacks in order to protect your most sensitive customer and organizational data from “epic lutz”.
Recorded May 22 2014 60 mins
Presented by
Roxana Bradescu, Director of Product Management, Database Security, Oracle & Brandon Dunlap, Brightfly

  • Possessed! – Account Takeover Attacks (and How to Deal with Them) May 10 2018 5:00 pm UTC 75 mins
    Markus Jakobson, Chief Scientist, Agari; Brandon Dunlap (Moderator)
    Targeted email attacks continue to escalate as organizations deal with increasing numbers of phishing, spear phishing and ransomware attempts. But another attack vector, Account Takeovers (ATO), is affecting 44% of organizations (source: Agari research) and is posing a significant risk. This silent invasion occurs when a cybercriminal gains unauthorized access to a trusted email account to launch additional attacks that compromise various areas of an organization (such as gaining access to financial information, PII or enabling a larger data breach). How does an organization go about identifying such attacks, mitigating them and ensuring they don’t occur in the future? Join Agari and (ISC)2 on May 10, 2018 at 1:00PM Eastern for a discussion on Account Takeover attacks and what you can do to defend against them.
  • When the Hunted Becomes the Hunter – How to be a Threat Hunter Recorded: Mar 15 2018 57 mins
    Chris Witter, Sen Mgr, Falcon Overwatch; Aamir Lakhani, Dr. Chaos; Tom Gorup, Rook Security; Brandon Dunlap (Moderator)
    Organizations of all sizes continue to be targets of cyber criminals and the threats that they present. However, some organizations are taking a proactive approach and are hunting for these threats. But what exactly is “threat hunting”? How does it fit into the SOC? Should my organization be threat hunting? How could it help us? Do I leverage outside expertise to augment my staff? Join Crowdstrike and (ISC)2 on March 15, 2018 at 1:00PM Eastern to learn how to go from being a guppy to a shark by exploring these questions and examining the resources needed to threat hunt and the tools that can be employed to be successful.
  • You Want to Do What with My Cell Phone? Privacy Rights at Border Crossings Recorded: Feb 19 2018 45 mins
    Scott Giordano, Esq, MBA, MS, CISSP
    Imagine the following scenario: You enter (or return to) the United States and border officials demand that you hand over your cell phone and PIN. Or, perhaps you are stopped at a checkpoint or pulled over by law enforcement officials and they make the same demand. Suppose they want all passwords to access your data? Even worse, they want to copy all of your data – can they do that? Demands by law enforcement officials to search mobile devices without a warrant seem to be a daily occurrence. In this session, privacy industry veterans will discuss the legalities of searching cell phones and other mobile devices, including your rights and how you can minimize your exposure.
  • Plan the Work & Work the Plan – Continuing the Move to the Cloud Recorded: Feb 15 2018 58 mins
    Tom Thomas, Director of Enterprise Architecture, F5; Ryan Goode, Sr Mgr, Tech Ops, (ISC)2; Brandon Dunlap, Moderator
    Chances are, your organization has made a move to the cloud. In fact, most enterprises run approx. 45% of their applications and infrastructure in the cloud with that number sure to increase in the next 12 months. But as you relocate more into the cloud, what’s your strategy? What are you moving? What benefit are you seeking? Different businesses have different goals and objectives. Join F5 and (ISC)2 on February 15, 2018 at 1:00PM Eastern for a discussion on the continuing evolution of cloud migration and how organizations should prepare, strategize and execute their cloud journey while addressing operational needs, security concerns and the options that cloud-based services can bring.
  • The Future of Authentication in a Hyper Connected World Recorded: Jan 18 2018 59 mins
    Angel Grant, Dir, Identity, Fraud & Risk Mgmt., RSA; Clare Nelson; John Carnes, Anthem; Brandon Dunlap (moderator)
    With the ever increasing number of devices and applications that individuals use and access on a daily basis, the authentication of individuals has become paramount for organizations. It needs to be done faster, seamlessly and have less impact on the user. What can organizations do to meet this challenge? Are behavioral analytics an answer? What role does identity assurance play? What about multi-factor authentication? Biometrics? Join RSA and (ISC)2 on January 18, 2018 at 1:00PM Eastern for a discussion on where ID/Access management and authentication is going and how these future advancements can impact your organization.
  • From 10% to 100% Cloud in 3 Years: How (ISC)² is Doing it & Putting Security 1st Recorded: Jan 16 2018 49 mins
    Wesley Simpson, MSM, COO, (ISC)²
    (ISC)² COO Wesley Simpson, shares the association’s experience as (ISC)² transitions to a 100% cloud-based services model. This interactive discussion explores how (ISC)² decided to go all in with cloud, why the cloud was the best option, how the team ensured its cloud strategy mapped to operational needs, and how security is front and center throughout the entire process. Learn how we are doing it and share your cloud migration experiences. This discussion is for anyone thinking about moving to the cloud, already making the transition or even those who completed a cloud migration but still looking for best practices to apply.
  • Help Wanted! – Addressing the Cybersecurity Skills Shortage Recorded: Jan 15 2018 66 mins
    Gary Beach, Brandon Dunlap, Donald W. Freese, David Shearer, Deidre Diamond
    Panel Moderator: Gary Beach – Author: The U.S. Technology Skills Gap

    Panelist: Brandon Dunlap – Speaker, (ISC)²
    Panelist: Donald W. Freese – Deputy Assistant Director, F.B.I.
    Panelist: David Shearer, CISSP – CEO, (ISC)²
    Panelist: Deidre Diamond – Founder and CEO, CyberSN and #brainbabe
  • Agile Cloud Security Recorded: Jan 15 2018 61 mins
    Paul Oakes, CISSP, ISSAP, CCSP, CSM, CSPO, AWS PSA, Senior Enterprise Security Architect, TD Bank
    How does an established data center-centric organization with high trust and security needs move to the public cloud? How does a waterfall-model-oriented organization make such a move in a timely fashion so as to not be left behind by its competition? What does governance look like for such an organization's use of the public cloud? What can these organizations avoid doing wrong?

    These questions are answered by using the fundamentals of Agile methodologies: prioritization by highest value and risk; technical excellence; and continuous delivery of valuable products as seen through the lens of security principles. Those principles include least privilege, separation of duties, data protection, and visibility to examine and provide solutions for the trust, security and governance needs of cloud-new adopting organizations.
  • Cybersecurity Careers: It’s Not Just Hacking Recorded: Jan 15 2018 63 mins
    Deidre Diamond Founder and CEO CyberSN and brainbabe.org
    With more than 500,000 unfilled cybersecurity jobs, an industry made up of 10 percent women and a trend of 56 percent of women leaving tech inside 10 years, we have a big problem. The stereotype of a hoodie-clad man at a terminal in a dark room -- a myth our schools perpetuate -- is harmful. Those in cybersecurity can change this right now! Come discuss how to sell all the diverse cybersecurity jobs to women, so they will want to join us.
  • Cyber, Risk and Gender: Is There a White Male Effect in Cybersecurity? Recorded: Jan 4 2018 57 mins
    Stephen Cobb: CISSP, MSc, Senior Security Researcher ESET | Lysa Myers: Security Researcher III ESET
    Accurate assessment of risk is vital for effective cybersecurity, yet numerous studies show that perceptions of risk vary considerably, between demographic groups and along gender lines. Leveraging established research in areas like cultural theory of risk perception, plus original research by the authors, this session presents evidence of a “white male effect” leading to underestimation of technology risks. Could this account for the persistent insecurity of digital product design? Does it undermine efforts to protect information systems from criminal abuse? Given that most cybersecurity professionals are males who tend to see more risk in technology than their peers, the researchers explore the causes of white male effect, then suggest strategies for countering its influence, such as increasing diversity in technology companies and the cybersecurity workforce.
  • The Hot Potato – Who’s Responsible for Vulnerability Management in the Cloud? Recorded: Dec 19 2017 55 mins
    Michelle Cobb, CMO, Skybox; Joel Scambray, NCC Group; Derrick Butts, CIO, The Truth Initiative; Brandon Dunlap (Moderator)
    Organizations continue to rapidly move their workloads to the cloud as they benefit from the flexibility and agility this can provide. However, many security processes become increasingly difficult to manage in a Shared Responsibility model. Top among these is vulnerability management which is the key to visibility into virtual and multi-cloud networks. Join Skybox and (ISC)2 on December 19, 2017 at 1:00PM Eastern for our final ThinkTank of the year where we will discuss how to better prioritize and manage vulnerabilities and the best way to provide visibility (and thus, context) into the physical, virtual and multi-cloud environments all organizations find themselves dealing with now.
  • Rideshare to the Cloud: Cloud Security & the Shared Responsibility Model Recorded: Dec 14 2017 61 mins
    Ananda Rajagopal, VP, Products, Gigamon, Dan Watson, Managing Consultant CyberSecurity, IBM, Glenn Hernandez, Frm USCG CISO
    Public clouds provided by services like AWS and Azure continue to surge in popularity with organizations small and large. However, the security of these services and how the responsibility for it is shared can be murky. Organizations want to assure that the public cloud is being used properly by everyone in the enterprise and to run mission-critical applications while meeting compliance and security controls. Join Gigamon and (ISC)2 on Thursday, December 14, 2017 at 1:00PM Eastern for a roundtable discussion on public clouds and the shared responsibility model and how that can help to secure and protect your organization.
  • Cutting Through the FUD Factor – The Reality of Machine Learning Recorded: Nov 30 2017 59 mins
    Seth Geftic, Dir Product Mgmt, Sophos; Dr. Paulo Shakarian, ASU; Rob Ayoub, IDC; Brandon Dunlap, Moderator
    Machine learning (aka Artificial Intelligence) can be found in the marketing literature of a number of new solutions and offerings in the marketplace. But what exactly is it? FUD? Magic Dust? The “Next Big Thing”? There’s a lot of confusion and a lot of questions around this topic. What’s the false positive detection rate? How often does it need to be updated? Does it scale well? Join Sophos and (ISC)2 to explore these questions and more on November 30, 2017 at 1:00PM Eastern in our next ThinkTank webcast.
  • Resiliency is More Than A Mood: Building a Safer Homeland - Juliette Kayyem Recorded: Nov 22 2017 40 mins
    Juliette Kayyem, Founder, Kayyem Solutions, LLC
    Much of cybersecurity work focuses on preventing attacks and protecting vulnerabilities in the system, commonly referred to as "left of boom" policies. Those are important efforts and an integral part of a security manager's portfolio. But what happens when the vulnerability is exposed, by a state actor or an individual, and the consequences must be managed? How do we -- as corporations, individuals and a nation -- better invest in response, recovery and resiliency efforts? In this keynote, Juliette Kayyem will offer five important steps to building a more resilient system and what we all need to do to "keep calm and carry on."
  • It’s a Brave New Cybercrime World - Donald W. Freese Recorded: Nov 22 2017 64 mins
    Brandon Dunlap, Donald Freese
    Join us for a wide-ranging discussion with FBI Deputy Assistant Director Don Freese. The former director of the National Cyber Investigative Joint Task Force (NCIJTF), Mr. Freese will share his insights into how nation-state adversaries are changing the security game and the critical role that threat intelligence now plays in defending everything from our national security infrastructure to your own personal data. Moderator Brandon Dunlap hosts this interactive session, during which you will learn firsthand how this experienced cybersecurity professional views our readiness to secure our critical infrastructure, the shifting intersection of cybersecurity and law enforcement, the increasing need for public/private information-sharing partnerships and the evolving nature of the threats we are all facing.
  • Exchanging Cyber Threat Intelligence: There has to be a better way Recorded: Nov 16 2017 62 mins
    Dr. Larry Ponemon, Founder, Ponemon Institute; Krupa Srivatsan, Infoblox; Tom Gorup, Rook Security; B. Dunlap (Moderator)
    Today’s increasingly complex and stealthy threats are causing organizations difficulty in defending against them on their own. More and more companies are using multiple threat intelligence sources and reaching out to their peers for threat intelligence data. In fact, 66% of respondents in the recent 2017 Ponemon survey, “The Third Annual Study on Exchanging Cyber Threat Intelligence: There Has to Be a Better Way”, report that threat intelligence could have prevented or minimized the consequences of a cyber attack or data breach. Join Infoblox and (ISC)2 on November 16, 2017 at 12:00pm (Noon) Eastern where our panel will discuss top trends that describe the current state of threat intelligence sharing, how threat intelligence sharing and usage has changed from previous years and best practices to using threat intelligence effectively to counter attacks.
  • Using Managed Security Services? You Need Identity Management! Recorded: Nov 9 2017 56 mins
    Naresh Persaud, Sr. Dir. Security, Prod. Mgmt. CA; Greg Shanton, VP Cyber Security, Neovera; B. Dunlap
    Set to double in the next two years, the managed security services market is being driven by the rising cost of security. One MSP found the formula for success by using Identity Management not only to streamline internal security controls but to also help customers reduce risk. If you are using or planning to use managed security services, join CA and (ISC)2 on November 9, 2017 at 1:00PM Eastern to discover the security requirements that require identity and access. We'll discuss use cases managed security companies are addressing and provide insight on how best of breed companies are adapting.
  • Reducing the Attack Surface via Internet Reconnaissance, Automation & Mitigation Recorded: Oct 26 2017 59 mins
    Benjamin Powell, Technical Marketing Manager; John Carnes, Anthem; Dustin Sachs, Navigant; Brandon Dunlap (Moderator)
    Business digital transformation has outpaced conventional cyber defenses. Adversaries no longer attack Firewalls or maneuver laterally between systems to wreak havoc on operations, customers and brands. External threats are the root cause for the majority of today’s incidents and breaches. A recent IDG survey revealed that 70% of enterprises have zero to modest confidence in the ability to reduce their digital attack surface. VA scanners, pen testing and systems tools all provide visibility and control of internal assets, but they fail on the vast number of dynamic web systems, web apps and other components connected to a business and are blind to subsidiaries, ecosystem, global and hosted sites, and service providers - all with possible susceptibility. How can SOC and GRC teams gain the active discovery and direct insight needed to respond to exposed external-facing assets - even those not under control of IT? Join RiskIQ and (ISC)2 on October 26, 2017 at 1:00PM Eastern as we explore how to leverage advanced internet reconnaissance, automation, and mitigation to address mounting digital attack surface gaps.
  • A NIST Guide on How Identity Management is Reshaping Cyber Security Recorded: Oct 12 2017 60 mins
    Bill Newhouse, Deputy Director, NICE; Naresh Persaud, Sr. Dir. Security; Prod Mktg, CA; Spencer Wilcox; Brandon Dunlap
    Did you know that 80% of data breaches implicate lost, stolen and weak credentials, as well as excessive access as culprits? NIST’s National Cybersecurity Center of Excellence (NCCoE) is helping companies better understand how to apply standards-based, commercially available technologies to improve their cybersecurity posture. The NCCoE’s security control mappings, reference designs, and lab implementations can be used as roadmaps or checklists for organizations looking to bolster their cybersecurity programs. Join CA and (ISC)2 on October 12, 2017 at 1:00PM Eastern for our ThinkTank where our expert panel will take an in depth look at how Identity Management is shaping the recommendations and requirements for the next generation of cyber security controls.
  • Shoring up Your Defenses by Leveraging Analytics and Machine Learning Recorded: Aug 24 2017 65 mins
    Mark McGovern, VP, Product Mgmt., CA; John Carnes, Infosecurity Senior Adviser, Anthem; Erik Von Geldern, FXCM
    Attackers are getting quicker and more sophisticated. Today's enterprise defenders aren’t able to withstand the pace and complexities of the threats they face. Automated tools and intelligence are being deployed to breach your IT infrastructure and access your priceless data by targeting privileged accounts. In playing defense, security teams must become proactive, not reactive and use data and analytics in a meaningful way, being more effective and agile in detecting attackers and quickly thwarting them. Join CA Technologies and (ISC)2 on August 24, 2017 at 1:00PM Eastern for a discussion on the emergence of machine learning and security analytics as tools that organizations can leverage to defend their data and some practical ways it can be used to protect key assets such as privileged accounts.
Regular roundtable discussions on a variety of infosecurity topics.
(ISC)2 hosts regular panel discussions on hot button infosecurity topics featuring thought leaders and visionaries from the industry who answer questions from the audience.

  • Live at: May 22 2014 5:00 pm