Download - INT408
7/26/2019 INT408
http://slidepdf.com/reader/full/int408 1/7
Lovely Professional University, Punjab
Course Code Course Title Course Planner Lectures Tutorials Practicals Credits
INT515 DATABASE SECURITY 14105::Ramandeep Singh 3.0 0.0 0.0 3.0
Course Category Courses with conceptual focus
TextBooks
Sr No Title Author Edition Year Publisher Name
T-1 Information Security The Complete Reference Mark Rhodes-Ousley 2nd 2013 Tata McGraw - Hill Education
Reference Books
Sr No Title Author Edition Year Publisher Name
R-1 Beginning Microsoft SQL Server 2008 Administration Chris Leiter, Dan Wood, Michael Cierkowski, Albert Boettger 1st 2009 Wiley
Relevant Websites
Sr No (Web address) (only if relevant to the course) Salient Features
RW-1 http://www.w3schools.com/sql/sql_injection.asp SQL Injection Methods
RW-2 http://download.oracle.com/oll/tutorials/SQLInjection/index.htm Oracle Tutorials about Preventing SQL Injection Attacks
RW-3 http://www.oracle.com/technetwork/database/features/plsql/overview/how-to-write-injection-proof-plsql-1-129572.pdf Oracle Book for Writing SQL Injection Proof PL/SQL Code
RW-4 http://sec4app.com/download/SqlInjection.pdf SQL Injection Book
Audio Visual Aids
Sr No (AV aids) (only if relevant to the course) Salient Features
AV-1 http://www.youtube.com/watch?v=PB7hWlqTSqs SQL Injection Tutorial
AV-2 http://www.youtube.com/watch?v=gK3no-TYNRQ SQL Injection Hacking
Detailed Plan For Lectures
LTP week distribution: (LTP Weeks)
Weeks before MTE 7
Weeks After MTE 7
Spill Over 3
Week Number
Lecture Number
Broad Topic(Sub Topic)
Chapters/Sections of Text/reference books
Other Readings, Relevant Websites, Audio Visual Aids, software and Virtual Labs
Lecture Description
Learning Outcomes
Pedagogical Tool Demonstration / Case Study / Images / animation / ppt etc. Planned
Week 1 Lecture 1 Information Security Overview(Importance of Information Protection)
T-1:Chapter 1 Discussion about the need of Information Protection
Students will know about the importance of information security
Class Discussion
Lecture 2 Information Security Overview(Evolution of Information Security)
T-1:Chapter 1 Discussion about the evaluation of information security program
Knowledge about the evaluation of information security program
Class Discussion
Lecture 3 Information Security Overview(Weakest Link)
T-1:Chapter 1 Discussion about vulnerabilities present in Security Infrastructure.
Knowledge about vulnerabilities present in Security Infrastructure and what is to be done to deal with these vulnerabilities
Class Discussion
Week 2 Lecture 4 Information Security Overview(Building a Security Program)
T-1:Chapter 1 Discussion about building a security program
Knowledge about building a security program
Class Discussion
Lecture 5 Information Security Overview(Justifying Security Investment)
T-1:Chapter 1 Discussion about using security metrics to justify the investment in security program.
Knowledge about using security metrics to justify the investment in security program.
Brainstorming Session
Lecture 6 Risk Analysis for Data and Information Security(Threat Definition)
T-1:Chapter 2 Discussion about threat analysis
Knowledge about Risk Analysis
Class Discussion
Risk Analysis for Data and Information Security(Threat Sources and Types)
T-1:Chapter 2 Discussion about threat analysis
Knowledge about Risk Analysis
Class Discussion
Week 3 Lecture 7 Risk Analysis for Data and Information Security(Types of Attacks)
T-1:Chapter 2 Discussion about different types of threats.
Knowledge about different types of threats.
Class Discussion
Lecture 8 Risk Analysis for Data and Information Security(Risk Analysis)
T-1:Chapter 2 Discussion about what is Risk Analysis and how to conduct it.
Knowledge about what is Risk Analysis and how to conduct it.
Class Discussion
Lecture 9 SQL Server Database(Planning for a Microsoft SQL Server Installation)
R-1:Chapter 2 Discussion about the initial steps for installing SQL Server
Knowledge about the initial steps for installing SQL Server
Demonstration with SQL Server
Week 4 Lecture 10 SQL Server Database(Installation) R-1:Chapter 2 Installing SQL Server Knowledge about installing SQL Server.
SQL Server Installation Demonstration
Lecture 11 SQL Server Database(Installation) R-1:Chapter 2 Installing SQL Server Knowledge about installing SQL Server.
SQL Server Installation Demonstration
Week 4 Lecture 12 SQL Server Database(Configuration)
R-1:Chapter 2 Configuring SQL Server for Use.
Configuring SQL Server for Use.
Demonstration through Projector and SQL Server
Week 5 Lecture 13 SQL Server Database(Configuration)
R-1:Chapter 2 Configuring SQL Server for Use.
Configuring SQL Server for Use.
Demonstration through Projector and SQL Server
Lecture 14 SQL Server Database(Additional Security Considerations)
R-1:Chapter 2 Discussion about additional considerations for SQL Server Installation
Knowledge about additional considerations for SQL Server Installation
Demonstrations of SQL Server
Lecture 15 Term Paper,Test1
Week 6 Lecture 16 Authorization Authentication Roles(SQL Server Authorization)
R-1:Chapter 6 Discussion about how we can use SQL Server authorization feature for database security.
Knowledge about how we can use SQL Server authorization feature for database security.
SQL Server Demonstration about Authorization
Lecture 17 Authorization Authentication Roles(SQL Database Roles)
R-1:Chapter 6 Discussion about SQL Server Roles
Knowledge about how SQL Server Roles can be used for Authorization and Database Security
SQL Server Demonstration about SQL Server Roles
Lecture 18 Authorization Authentication Roles(SQL Server Authentication)
R-1:Chapter 6 Discussion about creating users and enforcing password policy on Users.
Knowledge about creating users and enforcing password policy on Users.
SQL Server Demonstration about SQL Authentication
Week 7 Lecture 19 Authorization Authentication Roles(SQL Server Authentication)
R-1:Chapter 6 Discussion about creating users and enforcing password policy on Users.
Knowledge about creating users and enforcing password policy on Users.
SQL Server Demonstration about SQL Authentication
Lecture 20 Authorization Authentication Roles(SQL Server Database Policy)
R-1:Chapter 6 Discussion about how database policies can help in enforcing database security measures.
Knowledge about how database policies can help in enforcing database security measures.
Class Discussion and Demonstration
Lecture 21 Authorization Authentication Roles(SQL Server Database Policy)
R-1:Chapter 6 Discussion about how database policies can help in enforcing database security measures.
Knowledge about how database policies can help in enforcing database security measures.
Class Discussion and Demonstration
MID-TERM
Week 8 Lecture 22 Authentication and Authorization(Authentication Techniques, Authorization Techniques)
R-1:Chapter 6 Discussion about using authorization and authentication in SQL Server Security
Knowledge about using authorization and authentication in SQL Server Security
Class Discussion
Lecture 23 Authentication and Authorization(Authentication Techniques, Authorization Techniques)
R-1:Chapter 6 Discussion about using authorization and authentication in SQL Server Security
Knowledge about using authorization and authentication in SQL Server Security
Class Discussion
Week 8 Lecture 24 Authentication and Authorization(Authentication Techniques, Authorization Techniques)
R-1:Chapter 6 Discussion about using authorization and authentication in SQL Server Security
Knowledge about using authorization and authentication in SQL Server Security
Class Discussion
Week 9 Lecture 25 Storage Security(Evolution and Modern Security, Best Practices)
R-1:Chapter 10 Discussion about Backups, Restores and Encryption at the Storage level with Encryption key Management
Knowledge about Backups, Restores and Encryption at the Storage level with Encryption key Management
Demonstrations and Discussion
Lecture 26 Storage Security(Evolution and Modern Security, Best Practices)
R-1:Chapter 10 Discussion about Backups, Restores and Encryption at the Storage level with Encryption key Management
Knowledge about Backups, Restores and Encryption at the Storage level with Encryption key Management
Demonstrations and Discussion
Lecture 27 Storage Security(Evolution and Modern Security, Best Practices)
R-1:Chapter 10 Discussion about Backups, Restores and Encryption at the Storage level with Encryption key Management
Knowledge about Backups, Restores and Encryption at the Storage level with Encryption key Management
Demonstrations and Discussion
Week 10 Lecture 28 Storage Security(Evolution and Modern Security, Best Practices) R-1:Chapter 10 Discussion about Backups, Restores and Encryption at the Storage level with Encryption key Management
Knowledge about Backups, Restores and Encryption at the Storage level with Encryption key Management
Demonstrations and Discussion
Lecture 29 Operating System Security Models(Window Security)
T-1:Chapter 19 Discussion about the importance of Operating System security for Database Security. Operating System Vulnerability and Patching
Knowledge about the importance of Operating System security for Database Security
Class Discussion
Lecture 30 Operating System Security Models(Window Security)
T-1:Chapter 19 Discussion about the importance of Operating System security for Database Security. Operating System Vulnerability and Patching
Knowledge about the importance of Operating System security for Database Security
Class Discussion
Week 11 Lecture 31 Term Paper,Test2
Lecture 32 SQL Injection(Understanding SQL Injection)
T-1:Chapter 7 RW-1 Introduction to SQL Injection
Introduction to SQL Injection
Class Discussion
Lecture 33 SQL Injection(Understanding SQL Injection) T-1:Chapter 7 RW-1 Introduction to SQL Injection Introduction to SQL Injection Class Discussion
Week 12 Lecture 34 SQL Injection(Identifying Vulnerabilities)
T-1:Chapter 7 RW-2 Discussion about SQL Injection Vulnerability Scan
Knowledge about SQL Vulnerability Scan
Class Discussion
Lecture 35 SQL Injection(Exploitation of Privileges and Passwords)
T-1:Chapter 7 RW-3 Discussion about SQL Injection Vulnerability Scan
Knowledge about SQL Injection Vulnerability Scan
Class Discussion
Lecture 36 SQL Injection(Exploitation and Information Gathering)
T-1:Chapter 7 RW-3 Discussion about SQL Injection Vulnerability Scan
Knowledge about SQL Injection Vulnerability Scan
Class Discussion
Week 13 Lecture 37 Term Paper,Test,Mini project3
Lecture 38 SQL Injection(Defending Against Exploitation)
T-1:Chapter 7 RW-2 Writing Scripts which are SQL injection Proof
Writing Scripts which are SQL injection Proof
Discussion
Lecture 39 SQL Injection(Defending Against Exploitation)
T-1:Chapter 7 RW-2 Writing Scripts which are SQL injection Proof
Writing Scripts which are SQL injection Proof
Discussion
Week 14 Lecture 40 Disaster Recovery and Business Continuity Plans(Disaster Recovery, Business Continuity Planning, Backups, High Availability)
T-1:Chapter 29 R-1:Chapter 9
Discussion about Disaster Recovery in SQL Server and Business Continuity Plan
about Disaster Recovery in SQL Server and Business Continuity Plan
Class Discussion and Demonstration through SQL Server
Lecture 41 Disaster Recovery and Business Continuity Plans(Disaster Recovery, Business Continuity Planning, Backups, High Availability)
T-1:Chapter 29 R-1:Chapter 9
Discussion about Disaster Recovery in SQL Server and Business Continuity Plan
about Disaster Recovery in SQL Server and Business Continuity Plan
Class Discussion and Demonstration through SQL Server
Lecture 42 Disaster Recovery and Business Continuity Plans(Disaster Recovery, Business Continuity Planning, Backups, High Availability)
T-1:Chapter 29 R-1:Chapter 9
Discussion about Disaster Recovery in SQL Server and Business Continuity Plan
about Disaster Recovery in SQL Server and Business Continuity Plan
Class Discussion and Demonstration through SQL Server
SPILL OVER
Week 15 Lecture 43 Spill Over
Lecture 44 Spill Over
Lecture 45 Spill Over
Scheme for CA:
Component Frequency Out Of Each Marks Total Marks
Term Paper,Test 2 3 10 20
Total :- 10 20
Details of Academic Task(s)
AT No. Objective Topic of the Academic Task Nature of Academic Task(group/individuals/field work) Evaluation Mode Allotment / submission Week
Test1 To test the student knowledge for the syllabus which has been covered in the class up to week 5
Questions will be from syllabus up to week 5. Test will contain 6 questions of 5 marks each or vice versa. Questions will be a mix of analytical and descriptive questions.
Individual Answer sheets submitted by the students will be evaluated and marks shall be awarded according to the same.
4 / 5
Term Paper1 To give students an opportunity to research and come up with various technologies, vulnerabilities and incidents which have taken place in the field of database security and analysis of effectiveness.
Topics will be allocated to the students; they will conduct research and submit a written report to the instructor followed by presentation.
Individual Report and Presentation will be evaluated by the class teacher and marks will be according to that.
4 / 12
Test2 To test the student knowledge for the syllabus covered in the class from week 6 to week 10
Questions will be from syllabus from week 6 up to week 10. Test will contain 6 questions of 5 marks each or vice versa. Questions will be a mix of analytical and descriptive questions.
Individual Marks will be awarded according to the solution submitted by the student.
8 / 10
List of suggested topics for term paper[at least 15] (Student to spend about 15 hrs on any one specified term paper)
Sr. No. Topic
1 Authentication techniques based on Hash Functions
2 Ethical hacking Tools & Techniques
3 Cryptography and Overview of crypto Systems
4 Use of steganography in Information Security
5 Security Concerns in Internet Banking
6 Intrusion Detection System
7 Viruses- Types, Damages and Laws
8 Cyber Crime Laws
9 Phishing Techniques
10 Antivirus Applications Types and Working
11 Comparative Analysis of Access Control Techniques
12 Firewall - Types and Role in information Security
13 Security and Portability Concern with Smart Cards
14 SQL Injection and How it Works
15 SQL Injection Vulnerability Scan