Database and Application Security
A Practitioner's Guide
Paperback by R Sarma Danturthi
Language: English

€55.40 (incl. VAT)

Free shipping by post / DHL

Delivery time: 1-2 weeks

Description

An all-encompassing guide to securing your database and applications against costly cyberattacks!

In a time when the average cyberattack costs a company [...] million, organizations are desperate for qualified database administrators and software professionals. Hackers are more innovative than ever before. Increased cybercrime means front-end applications and back-end databases must be fine-tuned for a strong security posture. Database and Application Security: A Practitioner's Guide is the resource you need to better fight cybercrime and become more marketable in an IT environment that is short on skilled cybersecurity professionals.

In this extensive and accessible guide, Dr. R. Sarma Danturthi provides a solutions-based approach to help you master the tools, processes, and methodologies for establishing security inside application and database environments. It discusses the STIG (Security Technical Implementation Guide) requirements for third-party applications and how to make sure those applications comply with an organization's security posture. From securing hosts and creating firewall rules to complying with increasingly tight regulatory requirements, this book will be your go-to resource for building ironclad database security.

In this guide, you'll find:

  • Tangible ways to protect your company from data breaches, financial loss, and reputational harm
  • Engaging practice questions (and answers) after each chapter to solidify your understanding
  • Key information to prepare for certifications such as Sec+, CISSP, and ITIL
  • Sample scripts for both Oracle and SQL Server software and tips to secure your code
  • Advantages of back-end database scripting over hard-coding database access in the front end
  • Processes to create security policies, practice continuous monitoring, and maintain proactive security postures
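The last two bullets describe the pattern the book builds on: keep SQL out of front-end string concatenation and bind values on the database side. The script below is an added example, not one of the book's Oracle or SQL Server sample scripts. It uses Python's standard-library sqlite3 module as a stand-in for those back ends (an assumption made so it runs offline), fills a constructed three-row users table, and runs the same lookup two ways: once with the query text assembled from user input, once with the value passed as a bound parameter.

```python
import sqlite3

# Constructed sample data: a tiny users table standing in for the
# Oracle/SQL Server back end the book targets. sqlite3 is used here only
# because it ships with Python and runs offline; the vulnerability and the
# fix are the same on any SQL engine.
SAMPLE_USERS = [
    ("alice", "a1-secret-hash", "admin"),
    ("bob", "b2-secret-hash", "analyst"),
    ("carol", "c3-secret-hash", "auditor"),
]


def open_sample_db() -> sqlite3.Connection:
    """Create an in-memory database populated with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT, role TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_user_hardcoded(conn: sqlite3.Connection, username: str) -> list[tuple]:
    """Front-end 'hard coding': the query text is assembled from user input.

    Deliberately vulnerable. Whatever the caller passes becomes part of the
    SQL grammar, so a crafted username rewrites the WHERE clause.
    """
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_user_parameterized(conn: sqlite3.Connection, username: str) -> list[tuple]:
    """Bound parameter: the SQL text is fixed, the value travels separately.

    The driver sends the statement and the value as two things, so the input
    can never change the statement's structure. A stored procedure with typed
    IN parameters on Oracle or SQL Server enforces the same discipline.
    """
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo() -> dict:
    """Run both lookups with a benign name and with a classic injection payload."""
    conn = open_sample_db()
    # Constructed payload: closes the string literal, then ORs in a tautology.
    payload = "x' OR '1'='1"
    results = {
        "hardcoded_benign": lookup_user_hardcoded(conn, "alice"),
        "hardcoded_payload": lookup_user_hardcoded(conn, payload),
        "parameterized_benign": lookup_user_parameterized(conn, "alice"),
        "parameterized_payload": lookup_user_parameterized(conn, payload),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the payload, the hard-coded variant returns every row in the table, while the parameterized variant returns none: the value is compared as a literal string and never reaches the parser. Moving the query into a stored procedure with typed IN parameters gives the same guarantee and additionally lets the DBA grant EXECUTE on the procedure instead of SELECT on the underlying table, which is the least-privilege argument for back-end scripting.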

Register your book for convenient access to downloads, updates, and/or corrections as they become available. See inside book for details.

About the Author

Dr. R. Sarma Danturthi holds a PhD in Engineering from the University of Memphis (Memphis, TN) and works for the US Department of Defense. He has several years of experience in IT security, coding, databases, and project management. He holds Sec+, CISSP, and PMP certifications and is the author of 70 Tips and Tricks for Mastering the CISSP Exam (Apress, 2020).

Table of Contents

Foreword xvi
Introduction xvii

Part I. Security Fundamentals

Chapter 1. Basics of Cybersecurity 1
  Cybersecurity 1
  CIA-DAD 2
  I-A-A-A 4
  Defense in Depth 6
  Hardware and Software Security 7
  Firewalls, Access Controls, and Access Control Lists 8
  Physical Security 9
  Practical Example of Server Security in an Organization 10
  Summary 16
  Chapter 1 Questions 17
  Answers to Chapter 1 Questions 18

Chapter 2. Security Details 19
  The Four Attributes: Encrypt, Compress, Index, and Archive 19
  Encryption, Algorithms 22
  Public Key Infrastructure 22
  Email Security Example 23
  Nonrepudiation, Authentication Methods (K-H-A) 25
  Current and New Algorithms 26
  Summary 26
  Chapter 2 Questions 28
  Answers to Chapter 2 Questions 29

Chapter 3. Goals of Security 31
  Goals of Security: SMART/OKR 31
  Who's Who in Security: RACI 33
  Creating the RACI Matrix 35
  Planning: Strategic, Tactical, and Operational 36
  Events and Incidents 37
  Risks, Breaches, Fixes 38
  Security Logs: The More the Merrier 39
  Re/Engineering a Project 41
  Keeping Security Up to Date 42
  Summary 43
  Chapter 3 Questions 44
  Answers to Chapter 3 Questions 45

Part II. Database Security: The Back End

Chapter 4. Database Security Introduction 47
  ACID, BASE of DB, and CIA Compliance 47
  ACID, BASE, and CIA 47
  Data in Transit, Data at Rest 49
  DDL and DML 52
  Designing a Secure Database 54
  Structural Security 57
  Functional Security 60
  Data Security 61
  Procedural Security 63
  Summary 64
  Chapter 4 Questions 65
  Answers to Chapter 4 Questions 66

Chapter 5. Access Control of Data 67
  Access Control: Roles for Individuals and Applications 67
  MAC, DAC, RBAC, RuBAC 69
  Passwords, Logins, and Maintenance 74
  Hashing and Checksum Methods 76
  Locking, Unlocking, Resetting 80
  Monitoring User Accounts, System Account 82
  Data Protection: Views and Materialized Views 86
  PII Security: Data, Metadata, and Surrogates 90
  Summary 94
  Chapter 5 Questions 96
  Answers to Chapter 5 Questions 97

Chapter 6. Data Refresh, Backup, and Restore 99
  Data Refresh: Manual, ETL, and Script 99
  ETL Jobs 102
  Security in Invoking an ETL Job 104
  Data Pump: Exporting and Importing 106
  Backup and Restore 109
  Keeping Track: Daily, Weekly, Monthly 117
  Summary 119
  Chapter 6 Questions 120
  Answers to Chapter 6 Questions 121

Chapter 7. Host Security 123
  Server Connections and Separation 123
  IP Selection, Proxy, Invited Nodes 126
  Access Control Lists 128
  Connecting to a System/DB: Passwords, Smart Cards, Certificates 131
  Cron Jobs or Task Scheduler 137
  Regular Monitoring and Troubleshooting 141
  Summary 144
  Chapter 7 Questions 145
  Answers to Chapter 7 Questions 146

Chapter 8. Proactive Monitoring 149
  Logs, Logs, and More Logs 149
  Data Manipulation Monitoring 150
  Data Structure Monitoring 156
  Third-Party or Internal Audits 159
  LOG File Generation 165
  Summary 172
  Chapter 8 Questions 173
  LAB Work 173
  Answers to Chapter 8 Questions 174

Chapter 9. Risks, Monitoring, and Encryption 175
  Security Terms 175
  Risk, Mitigation, Transfer, Avoidance, and Ignoring 177
  Organized Database Monitoring 181
  Encrypting the DB: Algorithm Choices 183
  Automated Alerts 185
  Summary 186
  Chapter 9 Questions 187
  Answers to Chapter 9 Questions 188

Part III. Application Security: The Front End

Chapter 10. Application Security Fundamentals 189
  Coding Standards 190
  The Software Development Process 195
  Models and Selection 199
  Cohesion and Coupling 201
  Development, Test, and Production 202
  Client and Server 204
  Side Effects of Bad Security in Software 213
  Fixing the SQL Injection Attacks 213
  Evaluate User Input 214
  Do Back-End Database Checks 215
  Change Management: Speaking the Same Language 215
  Secure Logging In to Applications, Access to Users 217
  Summary 221
  Chapter 10 Questions 223
  Answers to Chapter 10 Questions 224

Chapter 11. The Unseen Back End 227
  Back-End DB Connections in Java/Tomcat 238
  Connection Strings and Passwords in Code 241
  Stored Procedures and Functions 242
  File Encryption, Types, and Association 247
  Implementing Public Key Infrastructure and Smart Card 250
  Examples of Key Pairs on Java and Linux 251
  Symmetric Encryption 253
  Asymmetric Encryption 254
  Vulnerabilities, Threats, and Web Security 255
  Attack Types and Mitigations 256
  Summary 260
  Chapter 11 Questions 261
  Answers to Chapter 11 Questions 262

Chapter 12. Securing Software: In-House and Vendor 263
  Internal Development Versus Vendors 263
  Vendor or COTS Software 264
  Action Plan 265
  In-House Software Development 266
  Initial Considerations for In-House Software 267
  Code Security Check 269
  Fixing the Final Product: SAST Tools 271
  Fine-tuning the Product: Testing and Release 277
  Patches and Updates 278
  Product Retirement/Decommissioning 280
  Summary 282
  Chapter 12 Questions 283
  Answers to Chapter 12 Questions 284

Part IV. Security Administration

Chapter 13. Security Administration 287
  Least Privilege, Need to Know, and Separation of Duties 287
  Who Is Who and Why 290
  Scope or User Privilege Creep 292
  Change Management 294
  Documenting the Process 296
  Legal Liabilities 308
  Software Analysis 312
  Network Analysis 312
  Hardware or Device Analysis 313
  Be Proactive: Benefits and Measures 314
  Summary 318
  Chapter 13 Questions 319
  Answers to Chapter 13 Questions 320

Chapter 14. Follow a Proven Path for Security 323
  Advantages of Security Administration 323
  Penetration Testing 325
  Penetration Test Reports 334
  Audits: Internal and External, and STIG Checking 337
  OPSEC: Operational Security 344
  Digital Forensics: Software Tools 346
  Lessons Learned/Continuous Improvement 349
  Summary 350
  Chapter 14 Questions 352
  Answers to Chapter 14 Questions 353

Chapter 15. Mobile Devices and Application Security 355
  Authentication 356
  Cryptography 359
  Code Quality and Injection Attacks 360
  User Privacy on the Device 360
  Descriptive Claims 361
  Secure Software Development Claims 361
  Sandboxing 363
  Mobile Applications Security Testing 364
  NIST's Directions for Mobile Device Security 366
  Summary 370
  Chapter 15 Questions 372
  Answers to Chapter 15 Questions 373

Chapter 16. Corporate Security in Practice 375
  Case #1: A Person Is Joining an Organization as a New Employee 378
  Case #2: An Employee Is Fired or Is Voluntarily Leaving the Organization 382
  Case #3: An Existing Employee Wants to Renew Their Credentials 383
  Case #4: An Existing Employee's Privileges Are Increased/Decreased 383
  Case #5: A Visitor/Vendor to the Organizational Facility 384
  Physical Security of DB and Applications 385
  Business Continuity and Disaster Recovery 388
  Attacks and Loss: Recognizing and Remediating 390
  Recovery and Salvage 393
  Getting Back to Work 394
  Lessons Learned from a Ransomware Attack: Example from an ISC2 Webinar 399
  Summary 403
  Chapter 16 Questions 404
  Answers to Chapter 16 Questions 405

References 407
Index 411

Details
Year of publication: 2024
Subject area: Computing
Genre: Computer science
Section: Science & Technology
Topic: Reference works
Format: Paperback
Binding: Paperback / softcover
ISBN-13: 9780138073732
ISBN-10: 0138073732
Language: English
Author: Danturthi, R Sarma
Publisher: Pearson Education
Dimensions: 234 x 188 x 20 mm
By: R Sarma Danturthi
Publication date: 22 March 2024
Weight: 0.454 kg
Item ID: 125825501