CICEM2012 Workshops

 

ORACLE ExaData, RAC 11g R2 and Grid Infrastructure

Workshop

Alaa Abu Haltam 

Oracle Certified Professional (OCP DBA)

ABSTRACT:

The Oracle Exadata and RAC Workshop is a hands-on workshop. It is meant for IT Security Managers, who are serious about addressing their information infrastructure challenges. The focus of the workshop is the Oracle database environment.

Alaa Abu Haltam  - Short Bio:

 

Agenda:
Welcome & Introductions
Describe Oracle RAC 11g R2
Install the Grid Infrastructure (Clusterware + ASM)
ExaData With Oracle RAC 11g R2 and Grid Infrastructure
Summary, Close & Evaluations
 

 Oracle Security Workshop

Amjad M Daoud, Ph.D.

Oracle Certified Professional (OCP DBA)

ABSTRACT:

The Oracle Database Security Workshop is a hands-on workshop. It is meant for IT Security Managers, who are serious about addressing their information protection, their customers privacy, and accountability challenges. The focus of the workshop is the Oracle database environment.

At the end of the workshop session, attendees will understand how to:

  • Establish a first line of defense against SQL Injection to block and monitor malicious or unauthorized database activity using the Oracle Database Firewall

  • Encrypt Sensitive Data using the Advanced Security Option

  • Enforce Strict Access Controls Policy and Separation of Duties using Database Vault

  • Simplify and Automate Database Audit and Compliance Reporting using Audit Vault

Attendee Requirements: attendees must bring Network Aware Laptop

 

Dr. Amjad M Daoud - Short Bio:

Dr. Daoud worked for Digital, Oracle Rdb, EMC and Network Appliance mainly on storage system for large databases; and currently teaches Oracle development, administration, and security in many leading universities in Jordan.

Agenda:
Welcome & Introductions
Encrypting Sensitive Data
Advanced Security Option Lab
Enforcing Strict Access Controls Policy and Separation of Duties
Database Vault Lab
Simplify and Automate Database Audit and Compliance Reporting
Audit Vault Lab
Establish a First Line of Defense to Block SQL Injection
Database Firewall
Summary, Close & Evaluations
 

The Concept of the Windows Communication Foundation Framework

Director Khair Ardah

MCP, MCAD.Net, MCSD.Net, MCDBA, MCT, MCTS

ABSTRACT:

Securing distributed systems continues to be an important research challenge. One hard problem in securing a distributed system arises from the fact that a remote software platform may be compromised and running malicious code. In particular, a compromised platform may exhibit arbitrarily malicious behavior. The task of remote code attestation then is to identify what software is running on a remote platform and to detect a corrupted participant. (BIND: A Fine-grained Attestation Service for Secure Distributed Systems, Carnegie Mellon University).
 
So that in our Presentation we will focus on the Concept of WCF Framework, and how to use it to secure these systems.
 
Agenda:
1. Distributed System Overivew.
2. Brief History of Service Orientation.
3. Introducing Windows Communication Foundation.
4. WCF Architecture.
5. WCF Bindings Protocol.
6. WCF Security Mode and Transfer Protection Level.
7. Client Credential Type.
8. Speaker Panels

 

 

 

 

Introduction to MapReduce

Pete Warden

MapReduce may be Google's secret weapon for dealing with enormous quantities of data, but many programmers see it as intimidating and obscure. This video master class shows you how to build simple MapReduce jobs, using concrete use cases and descriptive examples to demystify the approach. All you need to get started is basic knowledge of Python and the Unix shell.

Agenda:
Welcome & Introductions
 
What is MapReduce?
Your First MapReduce Job
Running a Job on Amazon's Elastic MapReduce
Running Larger Jobs
 
Summary, Close & Evaluations
 

 

 

Web Security Vulnerabilities

Director Khair Ardah

MCP, MCAD.Net, MCSD.Net, MCDBA, MCT, MCTS

ABSTRACT:

"No language can prevent insecure code, although there are language features which could aid or hinder a security-conscious developer." "-Chris Shiflett 
 

For many organizations, web sites serve as mission critical systems That must operate smoothly to process millions of dollars in daily Online transactions. However, the actual value of a web site needs to Be appraised on a case-by-case basis for each organization. Tangible And intangible value of anything is difficult to measure in monetary Figures alone. 
Web security vulnerabilities continually impact the risk of a web site. When any web security vulnerability is identified, performing the Attack requires using at least one of several application attacks Techniques. These techniques are commonly referred to as the class Of attack (the way security vulnerability is taken advantage of).  Many of these types of attack have recognizable names such as Buffer Overflows, SQL Injection, and Cross-site Scripting. As a Baseline, the class of attack is the method the Web Security Threat Classification will use to explain and organize the threats to a web Site. So, in This Workshop we will discuss 4 common used Vulnerabilities to attack any website as follow:

  1. Cross Site Scripting.

  2. Form and Parameter Tampering.

  3. SQL Injection.

  4. Session/cookies stolen and poisoning.


 
Director Khair Ardah - Short Bio:

Khair Ardah is a founder of ExcellentTrain Company where he performs consulting, and training activities. He has done a lot of seminars and research on web application and web services security. Khair started with web application security in mid 2005. He participated in several local and international conferences in different areas like SQL Server, Business Intelligence, SharePoint, and Web Security. Over the years, Khair got certified in Microsoft technologies like: MCP, MCAD.Net, MCSD.Net, MCDBA, MCT, MCTS in SharePoint 2010 Configuration, MCTS in SharePoint 2010 Development, and MCTS in SQL Server 2008 Business Intelligence.

Agenda:
Welcome & Introductions
Introduce Web Applications Vulnerabilities
SQL Injection with Demo
Cross Site Scripting with Demo
Form and Parameter Tampering with Demo
Session/Cookies Stolen and poisoning with Demo
Summary, Close & Evaluations
 

 


Facebook Application Development

Based on videos featuring Robert Turrall

http://acmsel.safaribooksonline.com/9780132876209

(accessible  from your ACM Web Account)

Facebook is the world's largest social network, with over 750 million users, who install 20 million applications every day. If you want to interact with a large audience, Facebook is the place to be, and applications are one of the most engaging ways to interact with that audience. This workshop focuses on creating Facebook applications using HTML, JavaScript, PHP, and Flash. The workshop starts with basic applications and progresses to more complex ones, culminating in a look at how Flash can be used to create interactive Facebook games, with no previous knowledge of Flash needed. 

Agenda:
Welcome & Introductions
Introduction to the Facebook Platform for Developers
The Facebook Graph API, The JavaScript and PHP SDKs, Wall Posts, Invites and Requests, Places and Check-Ins
Integrating Applications into Pages, Social Plugins,  Adding Open Graph Protocol Tags to Your Website
Flash and Facebook
Passing User Details into Flash, Two-Way Communication Using the External Interface
Summary, Close & Evaluations
 

 

Android Mobile Programming

Based on videos featuring Constantin Ehrenstein

http://acmsel.safaribooksonline.com/9780132808781

 

(accessible  from your ACM Web Account)

 

ABSTRACT:

This innovative workshop provides a solid understanding of how to design apps that can run on many different Android-based devices, under Android versions up to 2.3. Users will learn to set up an Android development environment, define device emulators, and connect to actual Android devices. The video also explains the fundamentals of Android layouts and user interfaces. It introduces the process of programming an app's interaction with Activities and Services and explains how to access existing Android system components. It also looks at how to ensure that an app runs on as many Android devices, screen sizes, and form factors as possible. It also explains how to package an app and publish it to the Android Marketplace.

Agenda:
Welcome & Introductions
Downloading Eclipse, Java, and the Android SDK, Installing Eclipse, Java, the Android SDK, and ADT
Connecting to a Device: Installing USB Drivers, Preparing Your Device for Debugging, Exploring Your Device in the IDE
Defining an Android Project, Android UI 101: Principles and Paradigms, Reusable Layout Components
Defining a Theme, Button States, Inserting Drawables, Android's Densities
The Activity Lifecycle, Creating and Registering New Activities, Calling Subactivities with Intents
Reading Sensor Data, Invoking the Contacts Application, Lists and Adapters, Accessing Contacts Data
Creating Option Menus & Context Menus, SQLite Databases in Android
Reading from a Database Table, Writing to a Database Table
Form Factors and Screen Sizes, Packaging, Publishing Your App
Summary, Close & Evaluations

 

 

© 2012 Jordan ACM Professional Chapter - ISWSA