Paul Steen

As Principal Security Engineer, Paul Steen heads technical advice, training and solutions across Asia Pacific and Japan. Paul brings a wealth of experience with him in designing and deploying application and data security solutions. He has also performed numerous data penetration testing for organizations in the Healthcare, Financial Services, Government and ecommerce verticals. Paul has lectured on general Network Security topics and taught professional Security related product certification courses in over 35 countries.

Prior to joining Imperva, Paul held a variety of Technical roles at Check Point Software Technology Ltd., including Security Engineering and, Partner and End-user Instruction. He has also taught IT security courses at a number of educational institutions and universities around the world.

AusCERT2012 Presentation

Top 10 Database Security Threats and How to Stop Them

The enterprise database infrastructure houses a gold mine of information highly coveted by malicious hackers and spiteful insiders. As database threats escalate and the government tightens compliance regulations, the need for database security is imperative. Imperva's own research organization, the Application Defense Center (ADC), has identified the top 10 most dangerous threats affecting today's organizations, as well as provided background and general risk mitigation strategies. Included among the Top 10 list are the following three threats:

• Excessive Privilege Abuse: When users (or applications) are granted database access privileges that exceed the requirements of their job function, these privileges may be abused for malicious purpose.
• SQL Injection: When a perpetrator inserts (or injects) unauthorized database statements into a vulnerable SQL data channel.
• Denial of Service: When access to network applications or data is denied to intended users