course-deatils-thumbnail

Securing Databases | Database Security

Course Code: 1318
|

$1795

|
Home / Courses / Securing Databases | Database Security

Overview

This course equips participants with the skills they need to recognize actual and potential database vulnerabilities, implement defenses against them, and also test if those defenses are sufficient. During the course, participants are introduced to common security vulnerabilities faced by databases, and each of these vulnerabilities is examined from a database perspective. The course discusses the threat and attack mechanisms, how to recognize associated vulnerabilities and how to design, implement and test effective defenses. The course encompasses practical demonstrations and exercises to ensure that participants get a thorough understanding of the concepts discusses in the course.

Schedule Classes

Delivery Format
Starting Date
Starting Time
Duration

Live Classroom
Thursday, 10 December 2020
10:00 AM - 6:00 PM EST
2 Days

$1795 Add to cart

Delivery Format
Starting Date
Starting Time
Duration

Live Classroom
Thursday, 5 November 2020
10:00 AM - 6:00 PM EST
2 Days

$1795 Add to cart

Delivery Format
Starting Date
Starting Time
Duration

Live Classroom
Thursday, 24 September 2020
10:00 AM - 6:00 PM EST
2 Days

$1795 Add to cart

Looking for more sessions of this class?
Talk to us
Trivera

Course Delivery

This course is available in the following formats:

Live Classroom
Duration: 5 days

Live Virtual Classroom
Duration: 5 days

What You'll learn

  • Understand the consequences for not properly handling untrusted data such as denial of service, cross-site scripting, and injections
  • Test databases with various attack techniques to determine the existence of and effectiveness of layered defenses
  • Prevent and defend the many potential vulnerabilities associated with untrusted data
  • Understand the concepts and terminology behind supporting, designing, and deploying secure databases
  • Appreciate the magnitude of the problems associated with data security and the potential risks associated with those problems
  • Understand the currently accepted best practices for supporting the many security needs of databases.
  • Understand the vulnerabilities associated with authentication and authorization within the context of databases and database applications
  • Detect, attack, and implement defenses for authentication and authorization functionality
  • Understand the dangers and mechanisms behind Cross-Site Scripting (XSS) and Injection attacks
  • Detect, attack, and implement defenses against XSS and Injection attacks
  • Understand the concepts and terminology behind defensive, secure, coding
  • Understand the use of Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets
  • Perform both static reviews and dynamic database testing to uncover vulnerabilities
  • Design and develop strong, robust authentication and authorization implementations
  • Understand the fundamentals of Digital Signatures as well as how it can be used as part of the defensive infrastructure for data
  • Understand the fundamentals of Encryption as well as how it can be used as part of the defensive infrastructure for data

Outline

Module 1: Foundation

  • Who is safe?
    • The assumptions we make
    • Security: The complete picture
    • Anthem, Sony, Target, Heartland and TJX Debriefs
    • Verizon’s 2017 data breach report
    • Attack patterns and recommendations
  • Security concepts
    • Motivations: Costs and standards
    • Open web application security project
    • Web application security consortium
    • CERT secure coding standards
    • Microsoft SDL
    • Assets and trust boundaries
    • Threat modelling
  • Principles of information security
    • Security is a lifecycle issue
    • Minimize attack surface area
    • Layers of defense: Tenacious D
    • Compartmentalize
    • Consider all application states
    • Do not trust the Untrusted

Module 2: Database security vulnerabilities

  • Database security concerns
    • Data at rest and in motion
    • Privilege management
    • Boundary defenses
    • Continuity of service
    • Trusted recovery
  • Vulnerabilities
    • Unvalidated input
    • Broken authentication
    • Cross site scripting (XSS/CSRF)
    • Injection flaws
    • Error handling, logging and information leakage
    • Insecure storage
    • Direct object access
    • XML vulnerabilities
    • Web services vulnerabilities
    • Ajax vulnerabilities
  • Cryptography overview
    • Strong encryption
    • Message directs
    • Keys and key management
    • Certificate management
    • Encryption/Decryption
  • Database security
    • Design and configuration
    • Identification and authentication
    • Computing environment
    • Database auditing
    • Boundary defenses
    • Continuity of service
    • Vulnerability and incident management
  • Understanding what’s important
    • Common vulnerabilities and exposures
    • OWASP 2017 top 10
    • CWE/SANS Top 25 most dangerous SW errors
    • Monster mitigations
    • Strength training: Project teams/developers
    • Strength training: IT organizations

Module 3: Secure Development Lifecycle (SDL)

  • SDL process overview
    • Types of security controls
    • Phases of typical data-oriented attack
    • Phases: Offensive actions and defensive controls
    • Security lifecycle activities
  • Applying processes and practices
    • Threat modeling process
    • Modeling assets and trust boundaries
    • Modeling data flows
  • Risk analysis
    • Identifying threats
    • Relating threats to models
    • Mitigating threats
    • Reviewing the application

Module 4: Security testing

  • Testing tools and processes
    • Security testing principles
    • Dynamic analyzers
    • Static code analyzers
    • Criteria for selecting static analyzers
  • Testing practices
    • OWASP web app penetration testing
    • Authentication testing
    • Session management testing
    • Data validation testing
    • Denial of service testing
    • Web service testing
    • Ajax testing
View More

Prerequisites

Participants need to be familiar with databases, and have some experience working with them.

Who Should Attend

This is an intermediate-level database course, designed for participants who seek to get up and running on developing well defended database applications.

The course is highly recommended for –

  • Database technical support engineers
  • Database administrators
  • Security consultants
  • Database developers
  • Database engineers
  • Security analysts
  • Software engineers

Interested in this course? Let’s connect!

Related Courses

Python for network automation
Python for Network Automation
Network fundamentals
Network Fundamentals
Software defined networking function virtualization
Software Defined Networking (SDN) and Network Function Virtualization (NFV)
VoLTE and the IMS
VoLTE and the IMS

Popular Courses

ITIL 4 foundation
ITIL® 4 Foundation
ITIL® Foundation (v3, 2011)
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Security Professional (CISSP)
Mastering Python Programming
Mastering Python Programming

Recent Posts

AWS

What Is The Future Of The Amazon Web Services And The Cloud Computing Market?

August 6, 2020
ITIL

Training for Digital Transformation with ITIL

July 2, 2020

Top 10 Trending Technologies to Learn in 2020

July 1, 2020
Machine Learning

Top 10 machine learning models beginners must learn

June 24, 2020