int408


Upload: tarun-singhal

Post on 13-Apr-2018


7/26/2019 INT408

http://slidepdf.com/reader/full/int408 1/7

Lovely Professional University, Punjab

Course Code Course Title Course Planner Lectures Tutorials Practicals Credits

INT515 DATABASE SECURITY 14105::Ramandeep Singh 3.0 0.0 0.0 3.0

Course Category Courses with conceptual focus

TextBooks

Sr No Title Author Edition Year Publisher Name

T-1 Information Security The Complete Reference Mark Rhodes-Ousley 2nd 2013 Tata McGraw - Hill Education

Reference Books

Sr No Title Author Edition Year Publisher Name

R-1 Beginning Microsoft SQL Server 2008 Administration Chris Leiter, Dan Wood, Michael Cierkowski, Albert Boettger 1st 2009 Wiley

Relevant Websites

Sr No (Web address) (only if relevant to the course) Salient Features

RW-1 http://www.w3schools.com/sql/sql_injection.asp SQL Injection Methods

RW-2 http://download.oracle.com/oll/tutorials/SQLInjection/index.htm Oracle Tutorials about Preventing SQL Injection Attacks

RW-3 http://www.oracle.com/technetwork/database/features/plsql/overview/how-to-write-injection-proof-plsql-1-129572.pdf Oracle Book for Writing SQL Injection Proof PL/SQL Code

RW-4 http://sec4app.com/download/SqlInjection.pdf SQL Injection Book

Audio Visual Aids

Sr No (AV aids) (only if relevant to the course) Salient Features

AV-1 http://www.youtube.com/watch?v=PB7hWlqTSqs SQL Injection Tutorial

AV-2 http://www.youtube.com/watch?v=gK3no-TYNRQ SQL Injection Hacking

Detailed Plan For Lectures

LTP week distribution: (LTP Weeks)

Weeks before MTE 7

Weeks After MTE 7

Spill Over 3


Week Number

Lecture Number

Broad Topic (Sub Topic)

Chapters/Sections of Text/reference books

Other Readings, Relevant Websites, Audio Visual Aids, software and Virtual Labs

Lecture Description

Learning Outcomes

Pedagogical Tool Demonstration / Case Study / Images / animation / ppt etc. Planned

Week 1 Lecture 1 Information Security Overview (Importance of Information Protection)

T-1:Chapter 1 Discussion about the need of Information Protection

Students will know about the importance of information security

Class Discussion

Lecture 2 Information Security Overview (Evolution of Information Security)

T-1:Chapter 1 Discussion about the evaluation of information security program

Knowledge about the evaluation of information security program

Class Discussion

Lecture 3 Information Security Overview (Weakest Link)

T-1:Chapter 1 Discussion about vulnerabilities present in Security Infrastructure.

Knowledge about vulnerabilities present in Security Infrastructure and what is to be done to deal with these vulnerabilities

Class Discussion

Week 2 Lecture 4 Information Security Overview (Building a Security Program)

T-1:Chapter 1 Discussion about building a security program

Knowledge about building a security program

Class Discussion

Lecture 5 Information Security Overview (Justifying Security Investment)

T-1:Chapter 1 Discussion about using security metrics to justify the investment in security program.

Knowledge about using security metrics to justify the investment in security program.

Brainstorming Session

Lecture 6 Risk Analysis for Data and Information Security (Threat Definition)

T-1:Chapter 2 Discussion about threat analysis

Knowledge about Risk Analysis

Class Discussion

Risk Analysis for Data and Information Security (Threat Sources and Types)

T-1:Chapter 2 Discussion about threat analysis

Knowledge about Risk Analysis

Class Discussion

Week 3 Lecture 7 Risk Analysis for Data and Information Security (Types of Attacks)

T-1:Chapter 2 Discussion about different types of threats.

Knowledge about different types of threats.

Class Discussion

Lecture 8 Risk Analysis for Data and Information Security (Risk Analysis)

T-1:Chapter 2 Discussion about what is Risk Analysis and how to conduct it.

Knowledge about what is Risk Analysis and how to conduct it.

Class Discussion

Lecture 9 SQL Server Database (Planning for a Microsoft SQL Server Installation)

R-1:Chapter 2 Discussion about the initial steps for installing SQL Server

Knowledge about the initial steps for installing SQL Server

Demonstration with SQL Server

Week 4 Lecture 10 SQL Server Database (Installation)

R-1:Chapter 2 Installing SQL Server

Knowledge about installing SQL Server.

SQL Server Installation Demonstration

Lecture 11 SQL Server Database (Installation)

R-1:Chapter 2 Installing SQL Server

Knowledge about installing SQL Server.

SQL Server Installation Demonstration


Week 4 Lecture 12 SQL Server Database (Configuration)

R-1:Chapter 2 Configuring SQL Server for Use.

Configuring SQL Server for Use.

Demonstration through Projector and SQL Server

Week 5 Lecture 13 SQL Server Database (Configuration)

R-1:Chapter 2 Configuring SQL Server for Use.

Configuring SQL Server for Use.

Demonstration through Projector and SQL Server

Lecture 14 SQL Server Database (Additional Security Considerations)

R-1:Chapter 2 Discussion about additional considerations for SQL Server Installation

Knowledge about additional considerations for SQL Server Installation

Demonstrations of SQL Server

Lecture 15 Term Paper, Test1

Week 6 Lecture 16 Authorization Authentication Roles (SQL Server Authorization)

R-1:Chapter 6 Discussion about how we can use SQL Server authorization feature for database security.

Knowledge about how we can use SQL Server authorization feature for database security.

SQL Server Demonstration about Authorization

Lecture 17 Authorization Authentication Roles (SQL Database Roles)

R-1:Chapter 6 Discussion about SQL Server Roles

Knowledge about how SQL Server Roles can be used for Authorization and Database Security

SQL Server Demonstration about SQL Server Roles

Lecture 18 Authorization Authentication Roles (SQL Server Authentication)

R-1:Chapter 6 Discussion about creating users and enforcing password policy on Users.

Knowledge about creating users and enforcing password policy on Users.

SQL Server Demonstration about SQL Authentication

Week 7 Lecture 19 Authorization Authentication Roles (SQL Server Authentication)

R-1:Chapter 6 Discussion about creating users and enforcing password policy on Users.

Knowledge about creating users and enforcing password policy on Users.

SQL Server Demonstration about SQL Authentication

Lecture 20 Authorization Authentication Roles (SQL Server Database Policy)

R-1:Chapter 6 Discussion about how database policies can help in enforcing database security measures.

Knowledge about how database policies can help in enforcing database security measures.

Class Discussion and Demonstration

Lecture 21 Authorization Authentication Roles (SQL Server Database Policy)

R-1:Chapter 6 Discussion about how database policies can help in enforcing database security measures.

Knowledge about how database policies can help in enforcing database security measures.

Class Discussion and Demonstration

MID-TERM

Week 8 Lecture 22 Authentication and Authorization (Authentication Techniques, Authorization Techniques)

R-1:Chapter 6 Discussion about using authorization and authentication in SQL Server Security

Knowledge about using authorization and authentication in SQL Server Security

Class Discussion

Lecture 23 Authentication and Authorization (Authentication Techniques, Authorization Techniques)

R-1:Chapter 6 Discussion about using authorization and authentication in SQL Server Security

Knowledge about using authorization and authentication in SQL Server Security

Class Discussion


Week 8 Lecture 24 Authentication and Authorization (Authentication Techniques, Authorization Techniques)

R-1:Chapter 6 Discussion about using authorization and authentication in SQL Server Security

Knowledge about using authorization and authentication in SQL Server Security

Class Discussion

Week 9 Lecture 25 Storage Security (Evolution and Modern Security, Best Practices)

R-1:Chapter 10 Discussion about Backups, Restores and Encryption at the Storage level with Encryption key Management

Knowledge about Backups, Restores and Encryption at the Storage level with Encryption key Management

Demonstrations and Discussion

Lecture 26 Storage Security (Evolution and Modern Security, Best Practices)

R-1:Chapter 10 Discussion about Backups, Restores and Encryption at the Storage level with Encryption key Management

Knowledge about Backups, Restores and Encryption at the Storage level with Encryption key Management

Demonstrations and Discussion

Lecture 27 Storage Security (Evolution and Modern Security, Best Practices)

R-1:Chapter 10 Discussion about Backups, Restores and Encryption at the Storage level with Encryption key Management

Knowledge about Backups, Restores and Encryption at the Storage level with Encryption key Management

Demonstrations and Discussion

Week 10 Lecture 28 Storage Security (Evolution and Modern Security, Best Practices)

R-1:Chapter 10 Discussion about Backups, Restores and Encryption at the Storage level with Encryption key Management

Knowledge about Backups, Restores and Encryption at the Storage level with Encryption key Management

Demonstrations and Discussion

Lecture 29 Operating System Security Models (Window Security)

T-1:Chapter 19 Discussion about the importance of Operating System security for Database Security. Operating System Vulnerability and Patching

Knowledge about the importance of Operating System security for Database Security

Class Discussion

Lecture 30 Operating System Security Models (Window Security)

T-1:Chapter 19 Discussion about the importance of Operating System security for Database Security. Operating System Vulnerability and Patching

Knowledge about the importance of Operating System security for Database Security

Class Discussion

Week 11 Lecture 31 Term Paper, Test2

Lecture 32 SQL Injection (Understanding SQL Injection)

T-1:Chapter 7 RW-1 Introduction to SQL Injection

Introduction to SQL Injection

Class Discussion

Lecture 33 SQL Injection (Understanding SQL Injection)

T-1:Chapter 7 RW-1 Introduction to SQL Injection

Introduction to SQL Injection

Class Discussion


Week 12 Lecture 34 SQL Injection (Identifying Vulnerabilities)

T-1:Chapter 7 RW-2 Discussion about SQL Injection Vulnerability Scan

Knowledge about SQL Vulnerability Scan

Class Discussion

Lecture 35 SQL Injection (Exploitation of Privileges and Passwords)

T-1:Chapter 7 RW-3 Discussion about SQL Injection Vulnerability Scan

Knowledge about SQL Injection Vulnerability Scan

Class Discussion

Lecture 36 SQL Injection (Exploitation and Information Gathering)

T-1:Chapter 7 RW-3 Discussion about SQL Injection Vulnerability Scan

Knowledge about SQL Injection Vulnerability Scan

Class Discussion

Week 13 Lecture 37 Term Paper, Test, Mini project3

Lecture 38 SQL Injection (Defending Against Exploitation)

T-1:Chapter 7 RW-2 Writing Scripts which are SQL injection Proof

Writing Scripts which are SQL injection Proof

Discussion

Lecture 39 SQL Injection (Defending Against Exploitation)

T-1:Chapter 7 RW-2 Writing Scripts which are SQL injection Proof

Writing Scripts which are SQL injection Proof

Discussion

Week 14 Lecture 40 Disaster Recovery and Business Continuity Plans (Disaster Recovery, Business Continuity Planning, Backups, High Availability)

T-1:Chapter 29 R-1:Chapter 9

Discussion about Disaster Recovery in SQL Server and Business Continuity Plan

about Disaster Recovery in SQL Server and Business Continuity Plan

Class Discussion and Demonstration through SQL Server

Lecture 41 Disaster Recovery and Business Continuity Plans (Disaster Recovery, Business Continuity Planning, Backups, High Availability)

T-1:Chapter 29 R-1:Chapter 9

Discussion about Disaster Recovery in SQL Server and Business Continuity Plan

about Disaster Recovery in SQL Server and Business Continuity Plan

Class Discussion and Demonstration through SQL Server

Lecture 42 Disaster Recovery and Business Continuity Plans (Disaster Recovery, Business Continuity Planning, Backups, High Availability)

T-1:Chapter 29 R-1:Chapter 9

Discussion about Disaster Recovery in SQL Server and Business Continuity Plan

about Disaster Recovery in SQL Server and Business Continuity Plan

Class Discussion and Demonstration through SQL Server

SPILL OVER

Week 15 Lecture 43 Spill Over

Lecture 44 Spill Over

Lecture 45 Spill Over

Scheme for CA:

Component Frequency Out Of Each Marks Total Marks

Term Paper, Test 2 3 10 20

Total :- 10 20

Details of Academic Task(s)


AT No. Objective Topic of the Academic Task Nature of Academic Task (group/individuals/field work) Evaluation Mode Allotment / submission Week

Test1 To test the students' knowledge of the syllabus which has been covered in the class up to week 5

Questions will be from syllabus up to week 5. Test will contain 6 questions of 5 marks each or vice versa. Questions will be a mix of analytical and descriptive questions.

Individual

Answer sheets submitted by the students will be evaluated and marks shall be awarded according to the same.

4 / 5

Term Paper1 To give students an opportunity to research and come up with various technologies, vulnerabilities and incidents which have taken place in the field of database security and analysis of effectiveness.

Topics will be allocated to the students; they will conduct research and submit a written report to the instructor followed by presentation.

Individual

Report and Presentation will be evaluated by the class teacher and marks will be according to that.

4 / 12

Test2 To test the students' knowledge of the syllabus covered in the class from week 6 to week 10

Questions will be from syllabus from week 6 up to week 10. Test will contain 6 questions of 5 marks each or vice versa. Questions will be a mix of analytical and descriptive questions.

Individual

Marks will be awarded according to the solution submitted by the student.

8 / 10

List of suggested topics for term paper[at least 15] (Student to spend about 15 hrs on any one specified term paper)

Sr. No. Topic

1 Authentication techniques based on Hash Functions

2 Ethical hacking Tools & Techniques

3 Cryptography and Overview of crypto Systems

4 Use of steganography in Information Security

5 Security Concerns in Internet Banking

6 Intrusion Detection System

7 Viruses- Types, Damages and Laws

8 Cyber Crime Laws

9 Phishing Techniques


10 Antivirus Applications Types and Working

11 Comparative Analysis of Access Control Techniques

12 Firewall - Types and Role in information Security

13 Security and Portability Concern with Smart Cards

14 SQL Injection and How it Works

15 SQL Injection Vulnerability Scan