Securing Databases | Database Security
Retail Price: $1,895.00
Next Date: 02/05/2025
Course Days: 2
Enroll in Next Date
Request Custom Course
Course Objectives
Throughout the course, you will learn to:
- Understand the consequences for not properly handling untrusted data such as denial of service, cross-site scripting, and injections
- Establish the first axiom in security analysis of ALL web applications for this course and beyond
- Establish the first axiom in addressing ALL security concerns for this course and beyond
- Test databases with various attack techniques to determine the existence of and effectiveness of layered defenses
- Prevent and defend the many potential vulnerabilities associated with untrusted data
- Understand the concepts and terminology behind supporting, designing, and deploying secure databases
- Appreciate the magnitude of the problems associated with data security and the potential risks associated with those problems
- Understand the currently accepted best practices for supporting the many security needs of databases.
- Understand the vulnerabilities associated with authentication and authorization within the context of databases and database applications
- Detect, attack, and implement defenses for authentication and authorization functionality
- Understand the dangers and mechanisms behind Injection attacks
- Understand the concepts and terminology behind defensive, secure database configuration and operation
- Understand the use of Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets
- Perform both static reviews and dynamic database testing to uncover vulnerabilities
- Design and develop strong, robust authentication and authorization implementations
- Understand the fundamentals of Digital Signatures as well as how it can be used as part of the defensive infrastructure for data
- Understand the fundamentals of Encryption as well as how it can be used as part of the defensive infrastructure for data
- Identify resources to use for ongoing threat intelligence
- Plan next steps after completion of this training
Course Prerequisites
This is an introduction to database security course for intermediate skilled team members. Attendees might include DBAs, system administrators, developers and other enterprise team members. Ideally, students should have approximately 6 months to a year of database working knowledge.
Outline
Please note that this list of topics is based on our standard course offering, evolved from typical industry uses and trends. We’ll work with you to tune this course and level of coverage to target the skills you need most. Topics, agenda and labs are subject to change, and may adjust during live delivery based on audience interests, skill-level and participation.
Session: Foundation for Securing Databases
Lesson: Why Hunt Bugs?
The Language of Cybersecurity
The Changing Cybersecurity Landscape
AppSec Dissection of SolarWinds
The Human Perimeter
Interpreting the 2021 Verizon Data Breach Investigation Report
First Axiom in Web Application Security Analysis
First Axiom in Addressing ALL Security Concerns
Lesson: Fingerprinting Databases
Fingerprinting Infrastructures and Databases
Finding the Databases
Scanning Databases for Vulnerabilities
Scanning Applications and Operating Systems
Lesson: Principles of Information Security
Security Is a Lifecycle Issue
Minimize Attack Surface Area
Layers of Defense: Tenacious D
Compartmentalize
Consider All Application States
Do NOT Trust the Untrusted
AppSec Dissection of the Verkada Exploit
Session: Database Security Vulnerabilities
Lesson: Database Security Concerns
Data at Rest and in Motion
Privilege management
Boundary Defenses
Continuity of Service
Trusted Recovery
Lesson: Common Vulnerabilities and Databases
Unvalidated Input
Elevation of Privileges
Identifying Protection Needs
Evolving Privacy Considerations
Options for Protecting Data
Transport/Message Level Security
SQL Injection Flaws
Drill Down on Stored Procedures
Quality and Protection of Authentication Data
Proper hashing of passwords
Handling Passwords on Server Side
Managing Updates: Balancing Risk and Timeliness
Detecting Threats and Active Attacks
Best Practices for Determining What to Log
Safe Logging in Support of Forensics
System Hardening
Risks with Internet-Connected Resources (Servers to Cloud)
Segmentation with Containers and Cloud
Lesson: Database Security
Design and Configuration
Identification and Authentication
Computing Environment
Database Auditing
Boundary Defenses
Continuity of Service
Vulnerability and Incident Management
Session: Moving Forward with Database Security
Lesson: Databases: What Next?
Common Vulnerabilities and Exposures
Strength Training: Project Teams/Developers
Strength Training: IT Organizations
Session: Secure Development Lifecycle (SDL)
Lesson: SDL Overview
Attack Phases: Offensive Actions and Defensive Controls
Secure Software Development Processes
Shifting Left
Actionable Items Moving Forward
Lesson: SDL In Action
Risk Escalators
Risk Escalator Mitigation
SDL Phases
Actions for each SDL Phase
SDL Best Practices
Session: Taking Action Now for Securing Databases
Lesson: Database Asset Analysis
Targets: Data/Entity Assets
Targets: Functional/Service Assets
Classifying Based on Value and Risk Escalation
Asset Inventory and Analysis
Lesson: Making Application Security Real
Cost of Continually Reinventing
Leveraging Common AppSec Practices and Control
Paralysis by Analysis
Actional Application Security
Additional Tools for the Toolbox
Bonus Topics: Time Permitting
Lesson: Cryptography Overview
Strong Encryption
Message Digests
Encryption/Decryption
Keys and Key Management
NIST Recommendations
Course Dates | Course Times (EST) | Delivery Mode | GTR | |
---|---|---|---|---|
2/5/2025 - 2/6/2025 | 10:00 AM - 6:00 PM | Virtual | Enroll | |
4/16/2025 - 4/17/2025 | 10:00 AM - 6:00 PM | Virtual | Enroll | |
6/18/2025 - 6/19/2025 | 10:00 AM - 6:00 PM | Virtual | Enroll | |
8/20/2025 - 8/21/2025 | 10:00 AM - 6:00 PM | Virtual | Enroll | |
10/22/2025 - 10/23/2025 | 10:00 AM - 6:00 PM | Virtual | Enroll | |
12/3/2025 - 12/4/2025 | 10:00 AM - 6:00 PM | Virtual | Enroll |