OWASP MSP Presents
The Permissions Your Database Users Really Need
Date: Monday, June 18th, 2012
5:30 PM Room opens for networking and CPE signup
6:15 PM Welcome: OWASP chapter update
6:30 PM Dan Cornell
7:45 PM Wrap-up
Thank You Cargill for sponsoring our meeting location
Talk Title: What Permissions Does Your Database User REALLY Need?
Abstract:Attaching web applications to databases as “sa” or “root” might be easy but it is also a horrible idea. This presentation provides a methodology as well as tools to create fine-grained database user permissions based on application-specific requirements. The negative impact of permissive database user account permissions is demonstrated alongside the potential benefits of constrained database user access. Tools for the automated creation of security-role-specific MySQL user permission policies will be demonstrated and these will be used as a model for making “least privilege” database accounts a standard practice in web application deployment.
*You must be registered for the event to attend.
Please contact Lorna at firstname.lastname@example.org or 651-338-0243 if you would like to sponsor a meeting or meeting location for an upcoming OWASP MSP meeting.
When & Where
The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas. The OWASP Minneapolis-St. Paul chapter was host to OWASP AppSec USA 2011 at the Minneapolis Convention Center September 20-23, 2011. Get the presentation material at http://www.appsecusa.org/.