28.01.2026 –, 107
Jazyk: English
Everyone knows how to prevent basic SQL injection but modern attackers have moved far beyond textbook exploits. In high-traffic PostgreSQL deployments, subtle misconfigurations and overlooked features can open doors to far more sophisticated attacks.
This talk uncovers the next generation of database threats that rarely make it into security checklists. We’ll examine:
* Privilege Escalation via Extensions and Foreign Data Wrappers how seemingly harmless extensions or FDWs can leak credentials or access external systems.
* Timing and Side-Channel Attacks : extracting secrets by measuring query latency and caching behavior.
* Abusing Logical Replication and LISTEN/NOTIFY : stealthy data exfiltration channels hidden in plain sight.
* Role Inheritance & Row-Level Security Pitfalls : ways attackers exploit complex permission hierarchies.
Attendees will learn how to recognize these attack surfaces, configure PostgreSQL securely, and implement defense-in-depth strategies such as strict role design, immutable infrastructure, and continuous auditing.
Whether you’re a DBA, developer, or security engineer, this session will challenge the assumption that SQL injection is the only real database risk and provide actionable steps to harden your PostgreSQL environment against today’s most overlooked threats.
I’m Kranthi Kiran Burada, and I've been serving as a Sr Database Migration Specialist at AWS for the past 8 years, accumulating a total of 12 years of experience in the field. My primary focus lies in assisting customers with migrating from commercial databases to open-source databases like PostgreSQL.
Over the last 9 years, I've been deeply involved with PostgreSQL, aiding clients in performance optimization, database design, troubleshooting, and offering best practices during migrations from Oracle/SQL Server to PostgreSQL.
I had the privilege of being a speaker at both SwissPGDay 2024, PGConf Belgium 2024,SQLBits 2025 London and PASS Data Community 2025-Netherlands.Additionally, I have the privilege of being an AWS Certification Subject Matter Expert (SME), contributing to the development of all AWS associate certifications and the AWS Database Specialty Certification.
Beyond my professional endeavours, I'm passionate about exploring new destinations and indulging in games like badminton and cricket during my leisure time.
I am accomplished database professional with 21 years of comprehensive experience across Oracle, PostgreSQL, Microsoft SQL Server, and MySQL environments, with specialized PostgreSQL expertise since a decade. Currently serving as a Senior Data Migration Specialist at AWS, I architect and execute complex enterprise migration strategies while actively expanding into Generative AI technologies to enhance migration efficiency and optimize data workflows. My core competencies include database architecture, performance optimization, migration planning, and cross-platform data integration, combining decades of hands-on experience with modern cloud methodologies to deliver scalable, reliable data solutions that bridge traditional database principles with emerging AI capabilities.