Description: Database and Application Security by R. Sarma Danturthi

An all-encompassing guide to securing your database and applications against costly cyberattacks! In a time when the average cyberattack costs a company $9.48 million, organizations are desperate for qualified database administrators and software professionals. Hackers are more innovative than ever before. Increased cybercrime means front-end applications and back-end databases must be fine-tuned for a strong security posture. Database and Application Security: A Practitioner's Guide is the resource you need to better fight cybercrime and become more marketable in an IT environment that is short on skilled cybersecurity professionals.

In this extensive and accessible guide, Dr. R. Sarma Danturthi provides a solutions-based approach to help you master the tools, processes, and methodologies to establish security inside application and database environments. It discusses the STIG requirements for third-party applications and how to make sure these applications comply with an organization's security posture. From securing hosts and creating firewall rules to complying with increasingly tight regulatory requirements, this book will be your go-to resource for creating an ironclad cybersecurity database.

In this guide, you'll find:
- Tangible ways to protect your company from data breaches, financial loss, and reputational harm
- Engaging practice questions (and answers) after each chapter to solidify your understanding
- Key information to prepare for certifications such as Sec+, CISSP, and ITIL
- Sample scripts for both Oracle and SQL Server software and tips to secure your code
- Advantages of DB back-end scripting over front-end hard coding to access DB
- Processes to create security policies, practice continuous monitoring, and maintain proactive security postures

Register your book for convenient access to downloads, updates, and/or corrections as they become available. See inside book for details.
Format: Paperback
Condition: Brand New

Author Biography
Dr. R. Sarma Danturthi holds a PhD in Engineering from the University of Memphis (Memphis, TN) and works for the US Department of Defense. He has several years of experience with IT security, coding, databases, and project management. He holds Sec+, CISSP, and PMP certifications and is the author of the book 70 Tips and Tricks for Mastering the CISSP Exam (Apress, 2020).

Table of Contents
Foreword
Introduction

Part I. Security Fundamentals
Chapter 1. Basics of Cybersecurity: Cybersecurity; CIA-DAD; I-A-A-A; Defense in Depth; Hardware and Software Security; Firewalls, Access Controls, and Access Control Lists; Physical Security; Practical Example of Server Security in an Organization; Summary; Chapter 1 Questions; Answers to Chapter 1 Questions
Chapter 2. Security Details: The Four Attributes: Encrypt, Compress, Index, and Archive; Encryption, Algorithms; Public Key Infrastructure; Email Security Example; Nonrepudiation, Authentication Methods (K-H-A); Current and New Algorithms; Summary; Chapter 2 Questions; Answers to Chapter 2 Questions
Chapter 3. Goals of Security: Goals of Security—SMART/OKR; Who's Who in Security: RACI; Creating the RACI Matrix; Planning—Strategic, Tactical, and Operational; Events and Incidents; Risks, Breaches, Fixes; Security Logs—The More the Merrier; Re/Engineering a Project; Keeping Security Up to Date; Summary; Chapter 3 Questions; Answers to Chapter 3 Questions

Part II. Database Security—The Back End
Chapter 4. Database Security Introduction: ACID, BASE of DB, and CIA Compliance; ACID, BASE, and CIA; Data in Transit, Data at Rest; DDL and DML; Designing a Secure Database; Structural Security; Functional Security; Data Security; Procedural Security; Summary; Chapter 4 Questions; Answers to Chapter 4 Questions
Chapter 5. Access Control of Data: Access Control—Roles for Individuals and Applications; MAC, DAC, RBAC, RuBAC; Passwords, Logins, and Maintenance; Hashing and Checksum Methods; Locking, Unlocking, Resetting; Monitoring User Accounts, System Account; Data Protection—Views and Materialized Views; PII Security—Data, Metadata, and Surrogates; Summary; Chapter 5 Questions; Answers to Chapter 5 Questions
Chapter 6. Data Refresh, Backup, and Restore: Data Refresh—Manual, ETL, and Script; ETL Jobs; Security in Invoking ETL Job; Data Pump: Exporting and Importing; Backup and Restore; Keeping Track—Daily, Weekly, Monthly; Summary; Chapter 6 Questions; Answers to Chapter 6 Questions
Chapter 7. Host Security: Server Connections and Separation; IP Selection, Proxy, Invited Nodes; Access Control Lists; Connecting to a System/DB: Passwords, Smart Cards, Certificates; Cron Jobs or Task Scheduler; Regular Monitoring and Troubleshooting; Summary; Chapter 7 Questions; Answers to Chapter 7 Questions
Chapter 8. Proactive Monitoring: Logs, Logs, and More Logs; Data Manipulation Monitoring; Data Structure Monitoring; Third-Party or Internal Audits; LOG File Generation; Summary; Chapter 8 Questions; LAB Work; Answers to Chapter 8 Questions
Chapter 9. Risks, Monitoring, and Encryption: Security Terms; Risk, Mitigation, Transfer, Avoidance, and Ignoring; Organized Database Monitoring; Encrypting the DB: Algorithm Choices; Automated Alerts; Summary; Chapter 9 Questions; Answers to Chapter 9 Questions

Part III. Application Security—The Front End
Chapter 10. Application Security Fundamentals: Coding Standards; The Software Development Process; Models and Selection; Cohesion and Coupling; Development, Test, and Production; Client and Server; Side Effects of Bad Security in Software; Fixing the SQL Injection Attacks; Evaluate User Input; Do Back-End Database Checks; Change Management—Speaking the Same Language; Secure Logging In to Applications, Access to Users; Summary; Chapter 10 Questions; Answers to Chapter 10 Questions
Chapter 11. The Unseen Back End: Back-End DB Connections in Java/Tomcat; Connection Strings and Passwords in Code; Stored Procedures and Functions; File Encryption, Types, and Association; Implementing Public Key Infrastructure and Smart Card; Examples of Key Pairs on Java and Linux; Symmetric Encryption; Asymmetric Encryption; Vulnerabilities, Threats, and Web Security; Attack Types and Mitigations; Summary; Chapter 11 Questions; Answers to Chapter 11 Questions
Chapter 12. Securing Software—In-House and Vendor: Internal Development Versus Vendors; Vendor or COTS Software; Action Plan; In-House Software Development; Initial Considerations for In-House Software; Code Security Check; Fixing the Final Product—SAST Tools; Fine-tuning the Product—Testing and Release; Patches and Updates; Product Retirement/Decommissioning; Summary; Chapter 12 Questions; Answers to Chapter 12 Questions

Part IV. Security Administration
Chapter 13. Security Administration: Least Privilege, Need to Know, and Separation of Duties; Who Is Who and Why; Scope or User Privilege Creep; Change Management; Documenting the Process; Legal Liabilities; Software Analysis; Network Analysis; Hardware or a Device Analysis; Be Proactive—Benefits and Measures; Summary; Chapter 13 Questions; Answers to Chapter 13 Questions
Chapter 14. Follow a Proven Path for Security: Advantages of Security Administration; Penetration Testing; Penetration Test Reports; Audits—Internal and External and STIG Checking; OPSEC—The Operational Security; Digital Forensics—Software Tools; Lessons Learned/Continuous Improvement; Summary; Chapter 14 Questions; Answers to Chapter 14 Questions
Chapter 15. Mobile Devices and Application Security: Authentication; Cryptography; Code Quality and Injection Attacks; User Privacy on the Device; Descriptive Claims; Secure Software Development Claims; Sandboxing; Mobile Applications Security Testing; NIST's Directions for Mobile Device Security; Summary; Chapter 15 Questions; Answers to Chapter 15 Questions
Chapter 16. Corporate Security in Practice: Case #1: A Person Is Joining an Organization as a New Employee; Case #2: An Employee Is Fired or Is Voluntarily Leaving the Organization; Case #3: An Existing Employee Wants to Renew Their Credentials; Case #4: An Existing Employee's Privileges Are Increased/Decreased; Case #5: A Visitor/Vendor to the Organizational Facility; Physical Security of DB and Applications; Business Continuity and Disaster Recovery; Attacks and Loss—Recognizing and Remediating; Recovery and Salvage; Getting Back to Work; Lessons Learned from a Ransomware Attack—Example from an ISC2 Webinar; Summary; Chapter 16 Questions; Answers to Chapter 16 Questions

References
Index

Details
Author: R. Sarma Danturthi
ISBN-10: 0138073732
ISBN-13: 9780138073732
Format: Paperback
Imprint: Addison Wesley
Place of Publication: Boston
Country of Publication: United States
Birth: 1957
AU Release Date: 2023-05-31
NZ Release Date: 2023-05-31
UK Release Date: 2023-11-07
Publisher: Pearson Education (US)
Audience: Professional & Vocational
Subtitle: A Practitioner's Guide
Year: 2024
Pages: 448
Publication Date: 2024-04-15
US Release Date: 2024-04-15
Price: 110 AUD
Location: Melbourne
End Time: 2024-11-25T02:14:06.000Z
Shipping Cost: 0 AUD
Item Specifics
Restocking fee: No
Return shipping will be paid by: Buyer
Returns Accepted: Returns Accepted
Item must be returned within: 30 Days
Format: Paperback
ISBN-13: 9780138073732
Author: R. Sarma Danturthi
Type: NA
Book Title: Database and Application Security
Language: Does not apply
Publication Name: NA