Database Security Mini Camp | Securing Databases
Securing Databases is an essential training course for DBAs and developers who need to produce secure database applications and manage secure databases. Data, databases, and related resources are at the heart of most IT infrastructures. These assets can have high value from a business, regulatory, and liability perspective, and must be protected accordingly. This course showcases demonstrations on how to repeatedly attack and then defend various assets associated with a fully functional database. This approach illustrates the mechanics of how to secure databases in the most practical of terms.
Security experts agree that the least effective approach to security is "penetrate and patch". It is far more effective to "bake" security into an application throughout its lifecycle. After spending significant time trying to defend a poorly designed (from a security perspective) database application, students will learn how to build secure databases and applications, starting at project inception.
Students who attend Securing Databases will leave the course armed with the skills required to recognize actual and potential database vulnerabilities, implement defenses for those vulnerabilities, and test those defenses for sufficiency.
This course introduces students to the most common security vulnerabilities faced by databases today. Each vulnerability is examined from a database perspective through a process of describing the threat and attack mechanisms, recognizing associated vulnerabilities, and, finally, designing, implementing, and testing effective defenses. Multiple practical demonstrations reinforce these concepts with real vulnerabilities and attacks. Students will learn how to design and implement the layered defenses they will need in defending their own databases.
Throughout the course, attendees will learn to:
- Understand the consequences of not properly handling untrusted data, such as denial of service, cross-site scripting, and injections
- Test databases with various attack techniques to determine the existence of and effectiveness of layered defenses
- Prevent and defend the many potential vulnerabilities associated with untrusted data
- Understand the concepts and terminology behind supporting, designing, and deploying secure databases
- Appreciate the magnitude of the problems associated with data security and the potential risks associated with those problems
- Understand the currently accepted best practices for supporting the many security needs of databases
- Understand the vulnerabilities associated with authentication and authorization within the context of databases and database applications
- Detect, attack, and implement defenses for authentication and authorization functionality
- Understand the dangers and mechanisms behind Cross-Site Scripting (XSS) and Injection attacks
- Detect, attack, and implement defenses against XSS and Injection attacks
- Understand the concepts and terminology behind defensive, secure database configuration and operation
- Understand the use of Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets
- Perform both static reviews and dynamic database testing to uncover vulnerabilities
- Design and develop strong, robust authentication and authorization implementations
- Understand the fundamentals of Digital Signatures as well as how they can be used as part of the defensive infrastructure for data
- Understand the fundamentals of Encryption as well as how it can be used as part of the defensive infrastructure for data
Trivera offers hundreds of end-to-end skills-focused courses that provide participants with the job-ready skills they require to be truly productive in a modern IT business enterprise. Our courses are available for individuals, their teams, or across their organization, for students of all skill levels and roles. We offer an extensive online Public Course Schedule, deep catalog for Private Courses, flex-hour Mini-Camp short courses, self-paced QuickSkills courses, free webinars and more. Trivera’s unique EveryCourse Extras and AfterCourse Extras programs, included with every course, ensure our students can put their newly-learned skills right to work, while providing them with a solid platform for continued skills-development, support and long-term growth. For more information about our dedicated training services, public course offerings, collaborative coaching services, new hire or enterprise upskilling programs, or to see our complete list of course offerings and special offers please call us toll free at 844-475-4559. Our pricing and services are always satisfaction guaranteed.
Who should attend?
This is an introductory database security course for intermediate-skilled team members. Attendees might include DBAs, system administrators, developers and other enterprise team members. Ideally, students should have approximately 6 months to a year of working knowledge of databases.
Session: Securing Databases Foundation
Lesson: Why Hunt for Security Defects?
- Security and Insecurity
- Dangerous Assumptions
- Attack Vectors
Lesson: Fingerprinting Databases
- Reconnaissance Goals
- Data Collection Techniques
- Fingerprinting the Environment
- Enumerating Web Applications
- Spidering, Dorks, and Other Tools
Lesson: Principles of Information Security
- Security Is a Lifecycle Issue
- Minimize Attack Surface Area
- Layers of Defense: Tenacious D
- Consider All Application States
- Do NOT Trust the Untrusted
Session: Database Security Vulnerabilities
Lesson: Database Security Concerns
- Data at Rest and in Motion
- Privilege management
- Boundary Defenses
- Continuity of Service
- Trusted Recovery
- Unvalidated Input
- Broken Authentication
- Cross Site Scripting (XSS/CSRF)
- Injection Flaws
- Error Handling, Logging, and Information Leakage
- Insecure Storage
- Direct Object Access
- XML Vulnerabilities
- Web Services Vulnerabilities
- Ajax Vulnerabilities
Lesson: Cryptography Overview
- Strong Encryption
- Message digests
- Keys and key management
- Certificate management
Lesson: Database Security
- Design and Configuration
- Identification and Authentication
- Computing Environment
- Database Auditing
- Boundary Defenses
- Continuity of Service
- Vulnerability and Incident Management
Session: Moving Forward
Lesson: What Next?
- Open Web Application Security Project (OWASP)
- OWASP Top Ten Overview
- Web Application Security Consortium
- CERT Secure Coding Standards
- Bug Hunting Mistakes to Avoid
- Tools and Resources
Session: Secure Development Lifecycle (SDL)
Lesson: SDL Process Overview
- Revisiting Attack/Defense Basics
- Types of Security Controls
- Attack Phases: Offensive Actions and Defensive Controls
- Secure Software Development Processes
- Shifting Left
- Actionable Items Moving Forward
Session: Taking Action Now
Lesson: Asset Analysis
- Targets: Data/Entity Assets
- Targets: Functional/Service Assets
- Classifying Based on Value and Risk Escalation
- Asset Inventory and Analysis
Lesson: Design Review
- Asset Inventory and Design
- Assets, Dataflows, and Trust Boundaries
- Risk Escalators in Designs
- Risk Mitigation Options
Lesson: Making Application Security Real
- Cost of Continually Reinventing
- Paralysis by Analysis
- Actionable Application Security
- Additional Tools for the Toolbox
Course delivery details
Student Materials: Each student will receive a Student Guide with course notes, code samples, software tutorials, diagrams and related reference materials and links (as applicable). Our courses also include step-by-step hands-on lab instructions and solutions, clearly illustrated for users to complete hands-on work in class, and to revisit to review or refresh skills at any time. Students will also receive related (as applicable) project files, code files, data sets and solutions required for the hands-on work.
Classroom Setup Made Simple: Our dedicated tech team will work with you to ensure your classroom and lab environment is set up, tested and ready to go well in advance of the course delivery date, ensuring a smooth start to class and seamless hands-on experience for your students. We offer several flexible student machine setup options including guided manual setup for simple installation directly on student machines, or cloud-based / remote hosted lab solutions where students can log in to a complete separate lab environment minus any installations, or we can supply complete turn-key, pre-loaded equipment to bring ready-to-go student machines to your facility. Please inquire for details, options and pricing.
- Price: $1,795.00
- Discounted Price: $1,166.75
Why choose Trivera Technologies LLC?
Over 25 years of technology training expertise.
Robust portfolio of over 1,000 leading edge technology courses.
Guaranteed to run courses and flexible learning options.
About Trivera Technologies LLC
Trivera Technologies is an IT education services & courseware firm that offers a wide range of professional technical education services including: end to end IT training development and delivery, skills-based mentoring programs, new hire training and re-skilling services, courseware licensing and...