Securing Databases | Database Security

Learn to Attack and Defend Critical Database Assets, and How to Build Secure Databases from the Ground Up

TT8700

Intermediate and Beyond

2 Days

Course Overview

Securing Databases is an essential training course for DBAs and developers who need to produce secure database applications and manage secure databases. Data, databases, and related resources are at the heart of most IT infrastructures. These assets can have high value from a business, regulatory, and liability perspective, and must be protected accordingly. This course showcases demonstrations on how to repeatedly attack and then defend various assets associated with a fully functional database. This approach illustrates the mechanics of how to secure databases in the most practical of terms.

 

Security experts agree that the least effective approach to security is "penetrate and patch". It is far more effective to "bake" security into an application throughout its lifecycle. After spending significant time trying to defend a database application that is poorly designed from a security perspective, students will learn how to build secure databases and applications, starting at project inception.

Course Objectives

Students who attend Securing Databases will leave the course armed with the skills required to recognize actual and potential database vulnerabilities, implement defenses for those vulnerabilities, and test those defenses for sufficiency.

 

This course introduces students to the most common security vulnerabilities faced by databases today. Each vulnerability is examined from a database perspective through a process of describing the threat and attack mechanisms, recognizing associated vulnerabilities, and, finally, designing, implementing, and testing effective defenses. Multiple practical demonstrations reinforce these concepts with real vulnerabilities and attacks. Students will learn how to design and implement the layered defenses they will need in defending their own databases.

 

Throughout the course, attendees will learn to:

· Understand the consequences of not properly handling untrusted data, such as denial of service, cross-site scripting, and injections

· Test databases with various attack techniques to determine the existence of and effectiveness of layered defenses

· Prevent and defend the many potential vulnerabilities associated with untrusted data

· Understand the concepts and terminology behind supporting, designing, and deploying secure databases

· Appreciate the magnitude of the problems associated with data security and the potential risks associated with those problems

· Understand the currently accepted best practices for supporting the many security needs of databases

· Understand the vulnerabilities associated with authentication and authorization within the context of databases and database applications

· Detect, attack, and implement defenses for authentication and authorization functionality

· Understand the dangers and mechanisms behind Cross-Site Scripting (XSS) and Injection attacks

· Detect, attack, and implement defenses against XSS and Injection attacks

· Understand the concepts and terminology behind defensive, secure database configuration and operation

· Understand the use of Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets

· Perform both static reviews and dynamic database testing to uncover vulnerabilities

· Design and develop strong, robust authentication and authorization implementations

· Understand the fundamentals of Digital Signatures as well as how they can be used as part of the defensive infrastructure for data

· Understand the fundamentals of Encryption as well as how it can be used as part of the defensive infrastructure for data

Course Prerequisites

This is an introductory database security course for intermediate-skilled team members. Attendees might include DBAs, system administrators, developers and other enterprise team members. Ideally, students should have approximately 6 months to a year of database working knowledge.

Course Agenda

 

Session: Securing Databases Foundation

 

Lesson: Why Hunt for Security Defects?

· Security and Insecurity

· Dangerous Assumptions

· Attack Vectors

 

Lesson: Fingerprinting Databases

· Reconnaissance Goals

· Data Collection Techniques

· Fingerprinting the Environment

· Enumerating Web Applications

· Spidering, Dorks, and Other Tools

 

Lesson: Principles of Information Security

· Security Is a Lifecycle Issue

· Minimize Attack Surface Area

· Layers of Defense: Tenacious D

· Compartmentalize

· Consider All Application States

· Do NOT Trust the Untrusted

 

Session: Database Security Vulnerabilities

 

Lesson: Database Security Concerns

· Data at Rest and in Motion

· Privilege management

· Boundary Defenses

· Continuity of Service

· Trusted Recovery

 

 

Lesson: Vulnerabilities

· Unvalidated Input

· Broken Authentication

· Cross Site Scripting (XSS/CSRF)

· Injection Flaws

· Error Handling, Logging, and Information Leakage

· Insecure Storage

· Direct Object Access

· XML Vulnerabilities

· Web Services Vulnerabilities

· Ajax Vulnerabilities

 

Lesson: Cryptography Overview

· Strong Encryption

· Message digests

· Keys and key management

· Certificate management

· Encryption/Decryption

 

Lesson: Database Security

· Design and Configuration

· Identification and Authentication

· Computing Environment

· Database Auditing

· Boundary Defenses

· Continuity of Service

· Vulnerability and Incident Management

 

Session: Moving Forward

 

Lesson: What Next?

· Open Web Application Security Project (OWASP)

· OWASP Top Ten Overview

· Web Application Security Consortium

· CERT Secure Coding Standards

· Bug Hunting Mistakes to Avoid

· Tools and Resources

 

Session: Secure Development Lifecycle (SDL)

 

Lesson: SDL Process Overview

· Revisiting Attack/Defense Basics

· Types of Security Controls

· Attack Phases: Offensive Actions and Defensive Controls

· Secure Software Development Processes

· Shifting Left

· Actionable Items Moving Forward

 

Session: Taking Action Now

 

Lesson: Asset Analysis

· Targets: Data/Entity Assets

· Targets: Functional/Service Assets

· Classifying Based on Value and Risk Escalation

· Asset Inventory and Analysis

 

Lesson: Design Review

· Asset Inventory and Design

· Assets, Dataflows, and Trust Boundaries

· Risk Escalators in Designs

· Risk Mitigation Options

 

Lesson: Making Application Security Real

· Cost of Continually Reinventing

· Paralysis by Analysis

· Actionable Application Security

· Additional Tools for the Toolbox

Course Materials

Each student will receive a Student Guide with course notes, code samples, software tutorials, diagrams and related reference materials and links (as applicable). Our courses also include step-by-step hands-on lab instructions and solutions, clearly illustrated for users to complete hands-on work in class, and to revisit to review or refresh skills at any time. Students will also receive related (as applicable) project files, code files, data sets and solutions required for the hands-on work.


Attend a Course

Please see the current upcoming available open enrollment course dates posted below. Please feel free to Register Online below, or call 844-475-4559 toll free to connect with our Registrar for assistance. If you need additional date options, please contact us for scheduling.

| Course Title | Days | Date | Time | Price |
| --- | --- | --- | --- | --- |
| Securing Databases \| Database Security | 2 Days | Mar 25 to Mar 26 | 10:00 AM to 06:00 PM EST | $1,895.00 |
| Securing Databases \| Database Security | 2 Days | May 13 to May 14 | 10:00 AM to 06:00 PM EST | $1,895.00 |
| Securing Databases \| Database Security | 2 Days | Jul 15 to Jul 16 | 10:00 AM to 06:00 PM EST | $1,895.00 |
| Securing Databases \| Database Security | 2 Days | Sep 9 to Sep 10 | 10:00 AM to 06:00 PM EST | $1,895.00 |
| Securing Databases \| Database Security | 2 Days | Oct 28 to Oct 29 | 10:00 AM to 06:00 PM EST | $1,895.00 |
