Maxtrain.com - info@maxtrain.com - 513-322-8888 - 866-595-6863
Securing Databases | Database Security Training
Description
Securing Databases | Database Security Course Introduction
Welcome to Securing Databases and Database Security Training course. From ransomware and constant data breaches to state-sponsored attacks, we are under constant and increasing pressure. Retailers, financial institutions, government agencies, high-tech companies, and many others are paying the price for poor application security – financial losses and eroding trust. The developer community must take ownership of these problems and change our perspective of defensive measures and how we design, development, and maintain software applications.
The course begins by exploring the foundations of database security, including the principles of data confidentiality, integrity, and availability. You will learn about the different types of threats that databases face, such as SQL injection, privilege escalation, and insider threats, and how these can be exploited by attackers. The course emphasizes the importance of understanding the mindset of an attacker to better defend against them.
The practical aspect of the course involves interactive sessions where participants engage in simulating attacks and defenses on database systems. This includes exercises on setting up firewalls, encrypting data at rest and in transit, and implementing access control mechanisms.
Case studies from real-world incidents are discussed, providing insight into how security breaches occurred and how they could have been prevented. The course also covers the legal and ethical considerations in database security, ensuring that participants are aware of the compliance requirements and best practices in the industry.
By the end of this course, you will have a comprehensive understanding of how to secure databases against a wide range of threats, ensuring the safety and integrity of critical data.
Securing Databases | Database Security Course Objectives
Throughout the course, you will learn to:
- Understand the consequences for not properly handling untrusted data such as denial of service, cross-site scripting, and injections.
- Establish the first axiom in security analysis of ALL web applications for this course and beyond.
- Establish the first axiom in addressing ALL security concerns for this course and beyond.
- Test databases with various attack techniques to determine the existence of and effectiveness of layered defenses.
- Prevent and defend the many potential vulnerabilities associated with untrusted data.
- Understand the concepts and terminology behind supporting, designing, and deploying secure databases.
- Appreciate the magnitude of the problems associated with data security and the potential risks associated with those problems.
- Understand the currently accepted best practices for supporting the many security needs of databases.
- Understand the vulnerabilities associated with authentication and authorization within the context of databases and database applications.
- Detect, attack, and implement defenses for authentication and authorization functionality.
- Understand the dangers and mechanisms behind Injection attacks.
- Understand the concepts and terminology behind defensive, secure database configuration and operation.
- Understand the use of Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets.
- Perform both static reviews and dynamic database testing to uncover vulnerabilities.
- Design and develop strong, robust authentication and authorization implementations.
- Understand the fundamentals of Digital Signatures as well as how it can be used as part of the defensive infrastructure for data.
- Understand the fundamentals of Encryption as well as how it can be used as part of the defensive infrastructure for data.
- Identify resources to use for ongoing threat intelligence.
Prerequisites
- Ideally, students should have approximately 6 months to a year of database working knowledge.
Audience
- This is an introduction to database security course for intermediate skilled team members. Attendees might include DBAs, system administrators, developers and other enterprise team members.
Securing Databases | Database Security Course Outline
Why Hunt Bugs?
- The Language of Cybersecurity
- The Changing Cybersecurity Landscape
- AppSec Dissection of SolarWinds
- The Human Perimeter
- Interpreting the 2021 Verizon Data Breach Investigation Report
- First Axiom in Web Application Security Analysis
- First Axiom in Addressing ALL Security Concerns
Fingerprinting Databases
- Fingerprinting Infrastructures and Databases
- Finding the Databases
- Scanning Databases for Vulnerabilities
- Scanning Applications and Operating Systems
Principles of Information Security
- Security Is a Lifecycle Issue
- Minimize Attack Surface Area
- Layers of Defense: Tenacious D
- Compartmentalize
- Consider All Application States
- Do NOT Trust the Untrusted
- AppSec Dissection of the Verkada Exploit
Database Security Vulnerabilities
- Database Security Concerns
- Data at Rest and in Motion
- Privilege management
- Boundary Defenses
- Continuity of Service
- Trusted Recovery
Common Vulnerabilities and Databases
- Unvalidated Input
- Elevation of Privileges
- Identifying Protection Needs
- Evolving Privacy Considerations
- Options for Protecting Data
- Transport/Message Level Security
- SQL Injection Flaws
- Drill Down on Stored Procedures
- Quality and Protection of Authentication Data
- Proper hashing of passwords
- Handling Passwords on Server Side
- Managing Updates: Balancing Risk and Timeliness
- Detecting Threats and Active Attacks
- Best Practices for Determining What to Log
- Safe Logging in Support of Forensics
- System Hardening
- Risks with Internet-Connected Resources
- Segmentation with Containers and Cloud
Database Security
- Design and Configuration
- Identification and Authentication
- Computing Environment
- Database Auditing
- Boundary Defenses
- Continuity of Service
- Vulnerability and Incident Management
Moving Forward with Database Security
- Databases: What Next?
- Common Vulnerabilities and Exposures
- Strength Training: Project Teams/Developers
- Strength Training: IT Organizations
Secure Development Lifecycle (SDL)
- SDL Overview
- Attack Phases: Offensive Actions and Defensive Controls
- Secure Software Development Processes
- Shifting Left
- Actionable Items Moving Forward
- SDL In Action
- Risk Escalators
- Risk Escalator Mitigation
- SDL Phases
- Actions for each SDL Phase
- SDL Best Practices
Taking Action Now for Securing Databases
- Database Asset Analysis
- Targets: Data/Entity Assets
- Targets: Functional/Service Assets
- Classifying Based on Value and Risk Escalation
- Asset Inventory and Analysis
- Making Application Security Real
- Cost of Continually Reinventing
- Leveraging Common AppSec Practices and Control
- Paralysis by Analysis
- Actional Application Security
- Additional Tools for the Toolbox
Bonus Topics: Time Permitting
- Cryptography Overview
- Strong Encryption
- Message Digests
- Encryption/Decryption
- Keys and Key Management
- NIST Recommendations
$1895.00
|
2 Days Course |