Name: A Race to the Bottom - Database Transactions Undermining Your AppSec
Start: 2024-06-27T10:30:00+0100
End: 2024-06-27T11:15:00+0100

A Race to the Bottom - Database Transactions Undermining Your AppSec

In the context of relational databases such as Postgres, MySQL/MariaDB or MSSQL, a transaction is a construct used to wrap complex business operations, ensuring the application is safe from data corruption. But what happens when they start working against you?

This presentation will show a darker side of database transactions: as a potential source of application vulnerabilities. Learn how common patterns of (mis)use can introduce data races and easily exploitable race conditions. We’ll dig into database internals and find out how the helpful hand of the database engine introduces the vulnerability, ways of exploiting it and look at possible mitigations.

Speakers

Viktor Chuchurski

Application Security Engineer, Doyensec

Viktor Chuchurski is a passionate Application Security Engineers with an extensive background in Software Development. He work in helping clients deliver secure software to their customers.

Thursday June 27, 2024 10:30am - 11:15am WEST

Breakout: Defender Track

Audience Beginner

Feedback form isn't open yet.

OWASP Global AppSec Lisbon 2024

Viktor Chuchurski

Attendees (4)

OWASP Global AppSec Lisbon 2024

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Viktor Chuchurski

Attendees (4)