Database and Application Security: A Practitioner's Guide (Final)КНИГИ » ОС И БД
Название: Database and Application Security: A Practitioner's Guide (Final) Автор: R. Sarma Danturthi Издательство: Addison-Wesley Professional/Pearson Education Год: 2024 Страниц: 448 Язык: английский Формат: epub (true) Размер: 37.2 MB
An all-encompassing guide to securing your database andapplications against costly cyberattacks!
In a time when the average cyberattack costs a company $9.48 million, organizations are desperate for qualified databaseadministrators and software professionals. Hackers are moreinnovative than ever before. Increased cybercrime means front-end applications and back-end databases must be finetuned for a strong security posture. Database and Application Security: A Practitioner's Guide is the resource you need tobetter fight cybercrime and become more marketable in an IT environment that is short on skilled cybersecurity professionals.
In this extensive and accessible guide, Dr. R. Sarma Danturthi provides a solutions-based approach to help you master the tools, processes, and methodologies to establish security inside application and database environments. It discusses the STIG requirements for third-party applications and how to make surethese applications comply to an organizations security posture. From securing hosts and creating firewall rules to complying within creasingly tight regulatory requirements, this book will be your go-to resource to creating an ironclad cybersecurity database.
The computer industry has exploded in a way nobody probably imagined. Along with that explosion came hackers, who utilize the same technology to steal information and cause immeasurable harm. Initially, hackers used viruses to create havoc, either for fun or financial damages. Now, they use innovative methods such as ransomware to lock systems and demand money in huge sums. We are at a point where we do not know what comes next in terms of these exploitations. All we can do is to check our risks, mitigate them to our best possible effort, and do continuous monitoring. By keeping our eyes open for the new threats, we can be better prepared. As you will read in this book, there is no single foolproof method to securing an application of a database. The method to secure these has been, and should always be, a multi-pronged defense method. This is known as defense in depth—employing various possible actions that can detect or even stop an attack.
For this reason, security must start from step zero and should remain a high priority throughout the life cycle of a software or database. In this book, database and application security are discussed in a practical way. Change management, running STIG tests, audits, and creating lessons learned documents are all very important in creating a suitable and secure posture for an IT organization. Each branch of IT, be it networking, operating system, coding, designing etc., has to worry about the security of IT to create a good security posture for the application, DB, or the organization at large. When resources are available, it is also important to isolate DB and application servers.
In the end, security is everyone’s responsibility and cannot be achieved by one person. For this reason, we often hear the phrase, “If you see something, say something.” Bystanders, or those who think “it is not my job to report,” are essentially responsible if they ignore a threat after seeing one. Insider threats are equally dangerous, if not more so, because a disgruntled insider may have more “inside information” that they can pass to others and exploit.
The methods discussed in this book to achieve a good security posture in an organization are only what are known to this day. In other words, this is the research we know now and are currently implementing. We must evolve with a continuous learning curve and implement new methods as hackers and attackers come up with newer techniques to exploit. These methods will continue to get more complex since servers can host more than a simple database and one application. Migration to the cloud is catching up to us too and anything that is transferred to a cloud platform is always considered to be at risk. Mobile devices such as smart phones and tablets will further evolve and all we can do is go with the flow and adapt to new technologies, new threats, and new challenges.
Cybersecurity is both a very challenging and very fun field to work in. The ultimate law to excel in this field remains to be this—keep your eyes open, learn continuously, adapt, and grow with the field. Whether you are an application developer, DB coder, DB administrator, or system administrator, this book will help you achieve a strong security posture in your organization. But remember that cybersecurity is a security posture that can only be achieved by working with everyone around you. The first line of defense in security is YOU.
In this guide, you'll find: • Tangible ways to protect your company from data breaches, financial loss, and reputational harm • Engaging practice questions (and answers) after each chapter to solidify your understanding • Key information to prepare for certifications such as Sec+, CISSP, and ITIL • Sample scripts for both Oracle and SQL Server software and tips to secure your code • Advantages of DB back-end scripting over front-end hard coding to access DB • Processes to create security policies, practice continuous monitoring, and maintain proactive security postures
Who Should Read This Book? This book is for IT professionals who want to learn how to secure their DB or their applications with a multi-pronged stature. System administrators can use this book in securing their hosts, creating firewall rules, and hardening the IIS side of hosting an application. The book might be helpful in learning security of software and DBs and may help with Sec+ and CISSP certifications.
The book should be used at every stage of the software or DB development process to create a strong cybersecurity posture. It also helps in learning the fundamentals for an aspiring student in IT and cybersecurity. The book touches on both Oracle and SQL Server software. Any programming language security can be achieved with applications by incorporating the methods discussed in this book. Students can learn about change management and its process before they enter a corporate environment. Parts of the book also discuss steps for taking care of mobile devices and BYOD at an office. This book could also be used for a general audience to understand the attacks that exist in DB and applications and learn how to prevent those attacks.
Скачать Database and Application Security: A Practitioner's Guide (Final)
Навигация
Вход на сайт
Реклама
Database and Application Security: A Practitioner's Guide (Final) 
