Narendra Tawar
I am accomplished database professional with 21 years of comprehensive experience across Oracle, PostgreSQL, Microsoft SQL Server, and MySQL environments, with specialized PostgreSQL expertise since a decade. Currently serving as a Senior Data Migration Specialist at AWS, I architect and execute complex enterprise migration strategies while actively expanding into Generative AI technologies to enhance migration efficiency and optimize data workflows. My core competencies include database architecture, performance optimization, migration planning, and cross-platform data integration, combining decades of hands-on experience with modern cloud methodologies to deliver scalable, reliable data solutions that bridge traditional database principles with emerging AI capabilities.
Přednáška
Everyone knows how to prevent basic SQL injection but modern attackers have moved far beyond textbook exploits. In high-traffic PostgreSQL deployments, subtle misconfigurations and overlooked features can open doors to far more sophisticated attacks.
This talk uncovers the next generation of database threats that rarely make it into security checklists. We’ll examine:
* Privilege Escalation via Extensions and Foreign Data Wrappers how seemingly harmless extensions or FDWs can leak credentials or access external systems.
* Timing and Side-Channel Attacks : extracting secrets by measuring query latency and caching behavior.
* Abusing Logical Replication and LISTEN/NOTIFY : stealthy data exfiltration channels hidden in plain sight.
* Role Inheritance & Row-Level Security Pitfalls : ways attackers exploit complex permission hierarchies.
Attendees will learn how to recognize these attack surfaces, configure PostgreSQL securely, and implement defense-in-depth strategies such as strict role design, immutable infrastructure, and continuous auditing.
Whether you’re a DBA, developer, or security engineer, this session will challenge the assumption that SQL injection is the only real database risk and provide actionable steps to harden your PostgreSQL environment against today’s most overlooked threats.