COD 641: Database Security

Live Training English
Duration: 2 days | Course is offered in English

Course Overview

This course will help Developers and Database Administrators make informed security decisions when using databases with their applications. It begins with a discussion on the role of databases and how they are used in today's software systems and then dives into common database threats and attacks. The instructor will describe in detail defensive database principles for each phase of development that can be incorporated to mitigate the risks from these attacks, including:

  • Choosing secure design components and reducing your database application’s attack surface
  • Secure coding best practices
  • Encryption techniques and leveraging stored procedures for improved security
  • Secure database configuration and deployment, etc.

This course will provide examples for Microsoft SQL Server and Oracle.

Upon completion of this class, participants will be able to:

  • Understand threats, vulnerabilities and risks as they relate to database systems
  • Identify common database attacks and the security impact they have
  • Implement secure database development best practices to harden applications from attack
  • Leverage tools to identify database weaknesses and audit data and events

Modules Covered

Security Concepts and Definitions

This module covers the fundamental security concepts as they apply to database systems: confidentiality, possession, integrity, authenticity, availability, and usefulness. Definitions and explanations of key application security terms are covered.

Why Database Security is Important

The module begins with a discussion on the business rationale for protecting applications with database systems and continues on to describe attacker motives and common threats to database systems:

  • Information Disclosure, SQL Injection, Broken Authentication, Privilege Escalation
  • Exploiting Extra Functionality, Unpatched Systems, Unprotected Data, and Platform Vulnerabilities

Defensive Database Principles

This module addresses defensive database principles that can be applied throughout the software development lifecycle to protect the valuable assets and systems. They include:

  • Architecture and Design Principles
    • Minimize the attack surface, defense in depth, secure architecture, beware of backwards compatibility, compartmentalization, securing the weakest link
  • Development Principles
    • Authentication, input validation, least privilege and authorization, permissions and access control, encryption, logging, filtering, and reporting on security events
  • Test Principles
    • Leverage tools to audit data and events, identify weaknesses and remedy them; failing securely, conduct DBMS vulnerability assessments
  • Deployment Principles
    • Secure by Default (configuration guidance), patching, backups, watching resources, incident handling