Advanced Database Security Assessment
Overview
Computer networks are built to support business functionality, and beyond communication, the result of business is data. The data important to your business is your company's digital assets; it needs organisation, maintenance and, above all, protection from malicious attackers. The modern corporate enterprise contains database solutions used to take care of data such as client credit card numbers, customer names and addresses, even the entire employee payroll. Ensuring that this data can't get into the hands of unauthorised employees, your competitors or punk kids trading card numbers on IRC means that you need to recognise this threat and secure the data against it. The evolution of security training has shown us that the most effective way to learn about security is by learning from the people that know how to attack your systems. By understanding the threat from the attacker's perspective, you can develop effective assessment methodologies and ultimately secure what really matters from an ever-increasing threat.
Who Should Attend
Internal security teams, database administrators and security consultants concerned with the insecurity of database systems, the exposure they have to network and data compromises, and assessment techniques used to close security holes.
In addition to course and delegate introductions and safety brief requirements, the course is split into 10 sections over two days:
- Fundamental database concepts
- Popular industry database solutions
- Database integration into business solutions
- Building a database assessment toolkit
- Database enumeration: unauthenticated
- Database enumeration: authenticated
- Identifying database vulnerabilities
- Exploiting flaws to gain control
- Developing your assessment methodology
- Database assessment flag challenge
Upon completing this course, delegates should be able to understand:
- The fundamental concepts behind database systems
- Key components within a database deployment
- The integration of databases into business solutions
- The process of thorough database assessment, including tools and methodologies
- Techniques used by hackers to exploit database flaws and vulnerabilities
- Practical assessment and attack vector considerations, through hands-on experience
Advanced Database Security Assessment has been jammed full of assessment techniques from world-renowned database experts! NGSSoftware's own researchers David Litchfield, Chris Anley, John Heasman and Bill Grindlay have joined the course authors to provide content for this training session. These four database experts have released an authoritative text, The Database Hacker's Handbook, and have collaborated once again to ensure that NGSSoftware's training is the best security tuition available. SQL injection and database security guru Chris Anley has personally developed lab exercises to further push the boundaries of database security training.
What to Bring
Basic networking knowledge is required, and familiarity with database concepts would be beneficial. Experience or knowledge of specific database solutions is desirable, though not essential in order to complete the course satisfactorily. Participants are requested to bring their own laptops installed with either Microsoft® Windows® 2000 or Windows XP, fully patched. This class provides a VMware attack image for students to use - although VMware Workstation is *not* required, students are urged to have at least 512MB of RAM for best performance.



