UNYOUG Event
Friday, December 7, 2007
Buffalo State College
Buffalo NY
Bacon Hall Room 117
Area Map: http://www.buffalostate.edu/pdf/campusmap.pdf
Parking: See below
Presentations:
Tentative Agenda:
8:30 - 9:00 Registration and Networking, Continental Breakfast
9:00 - 9:15 Welcome
9:15 - 10:15 Wait-Time Based Oracle Performance Management - Confio Software
10:15 - 10:30 Break
10:30 - 11:30 Database Security Solving SQL injection Abstract - Sentrigo
11:30 - 12:30 Lunch
12:30 - 1:00 Oracle update, OpenWorld discussion
1:00 - 2:00 RMAN - ITEC
2:00 - 2:15 Break
2:15 - 3:15 DataGuard - ITEC
3:15 - Raffles & wrap-up
Win one of two pairs of Buffalo Sabres tickets, courtesy of Serverware!
**Free Parking on Campus**
Free parking passes will be provided. Tell us where to send it when registering, or get one on arrival. The closest lot is Lot Y.
Registration:
A continental breakfast and lunch will be provided. We need a count of persons attending to properly plan for this event. If you are planning to attend, please pre-register for the meeting here: http://www.unyoug.com/register.php.
Membership & Fees:
UNYOUG membership is $20 per year. The fee for this event is waived!
Thanks!
Buffalo Event - Friday, December 7
Last edited by sam on Tue Dec 04, 2007 5:40 pm, edited 2 times in total.
Wait-Time Based Oracle Performance Management
Matt Larson, CTO and Founder, Confio
There are many ways to use Oracle wait events for performance tuning of an Oracle database, but often there is confusion on exactly what the data means. The issue typically centers around the fact that the wait event data is analyzed at the wrong level or the collected wait event data is not detailed enough. This presentation will focus on these problems and review several real-life case studies of using wait event data coupled with Wait-Time based performance analysis to solve the most difficult performance-related issues.
Matt Larson is the Chief Technology Officer at Confio Software where he is responsible for current and future product strategy. Mr. Larson founded Confio Software, led the initial round of external financing, and led the company to first revenues and customer adoption. Prior to his involvement at Confio, Mr. Larson helped found an oil and gas technology company. In the span of a year, the company grew from four employees to over two hundred employees while raising over $110 million in venture capital. Mr. Larson is an international speaker on topics related to database technology. He also is the co-author of five best-selling technology books. Mr. Larson holds a Bachelor of Science in Business Administration from the University of Colorado where he graduated 1st in his class. He is also a member of the Mensa Society.
Solving SQL injections that exploit zero-day vulnerabilities
Todd P. DeSantis, Sentrigo
Synopsis:
Though many types of SQL injection can be prevented by secure coding practices, one can limit and even stop SQL injection attacks by deploying the correct tools to protect applications and databases. Certain classes of SQL injection, including those exploiting zero-day vulnerabilities, can be entirely blocked by deploying deep inspection tools, which will be demonstrated in the presentation.
Takeaway:
This course will present a new angle on a popular attack vector on the database layer of applications: SQL Injection.
We will describe types and techniques of SQL Injection attacks on both web applications and built-in database stored program units.
We will show how simple SQL Injection can be used to own the database server through the means of privilege escalation.
We will also list ways of preventing SQL Injection attacks - ranging from secure coding practices to various external tools that will alert and prevent SQL Injection attempts, and demonstrate how hacker techniques of evasion can be used to subvert them.
Finally, we will introduce new deep inspection tools that can prevent SQL injection, even in zero-day scenarios.
Take away points:
• What is an SQL Injection attack
• Secure coding practices
• Existing tools for SQL Injection prevention and techniques to evade them
• New resilient technologies used to entirely solve SQL injections, even those exploiting zero-day vulnerabilities
Todd DeSantis brings a wealth of technical knowledge and a passion for using technology to better society to his position as lead North American Sales Engineer at Sentrigo. With a background in computer science from Worcester Polytechnic Institute, Todd has been using his understanding of computer programming and database systems throughout his career. At Sentrigo, Todd is striving to bring a higher level of database security and safety to the enterprise. Prior to Sentrigo, Todd successfully helped Fortune 50 companies rethink data access paradigms with Endeca Technologies. Todd started his career at Enerjy Technologies where he helped organizations improve overall levels of Java code quality and visibility. In his spare time Todd, an avid audiophile, enjoys working toward creating the 'absolute sound' with hi-fi audio systems, and enjoys many different genres of music.