EC-Council Certified Secure Programmer

More documents

Recommendations

Info

Page 24• SQL Server Security Modelo SQL Server Security Model: Login• Creating an SQL Server Login• Database User• Guest User• Permissions• Database Engine Permissions Hierarchy• Roleso Public Roleo Predefined Roles• Fixed Server Roles• Fixed Database Roles• User-Defined Roles• Application roles• Security Features of MS-SQL Server 2005• Added Security Features in MS-SQL Server 2008• SQL Server Security Vulnerabilities:o Buffer Overflow in pwdencrypt()o Extended Stored Procedures Contain Buffer Overflows• SQL Injection Attacks• Prevent SQL Injection Attacks• Sqlninja:o SQL Server Injection & Takeover Toolo Finding Target• Data Encryption• Built-in Encryption Capabilities• Encryption Keys• Encryption Hierarchyhttp://www.eccouncil.orgEC-Council
• Transact-SQL• Create Symmetric Key in T-SQL• Create Asymmetric Key in T-SQL• Certificates• Create Certificate in T-SQL• SQL Server Security: Administrator Checklist• Database Programming Best Practices• SQL Server Installation:o Authenticationo Authorization• Best Practices for Database Authorization• Auditing and Intrusion Detection• Enabling Auditing• Database Security Auditing Tools:o AppDetectiveProo NGSSquirrelo AuditProPage 25Module 12: SQL Rootkits• Rootkits• SQL Server Rootkit• Threats of SQL Rootkits• Evolution of SQL Rootkits• How a Rootkit Works• SQL Server 2000o Rootkit Attack on SQL Server 2000o Screenshot: Password Tamperinghttp://www.eccouncil.orgEC-Council
Page 1 and 2: Page 1EC-Council CertifiedSecure Pr
Page 3: Course DescriptionEC-Council Certif
Page 8 and 9: • Microsoft SDL Threat Modeling T
Page 11 and 12: • Countermeasure against Buffer O
Page 13 and 14: • Using Variable Arguments Proper
Page 15 and 16: o Code for GSS Client• Java Serve
Page 17 and 18: • .NET Frameworko .NET Framework
Page 19: o Design Considerationso Applicatio
Page 22 and 23: Page 22o Web Application Fingerprin
Page 26 and 27: Page 26• SQL Server 2005o Step 1:
Page 28 and 29: Page 28• Application Configuratio
Page 30 and 31: Page 30• Preventing Automatic Sub
Page 32 and 33: • Validation Process in XML• XM
Page 34 and 35: • Preventing Repurposing• SiteL
Page 36 and 37: Page 36• Authorization Controls
Page 38 and 39: Page 38Module 22: Secure Xcode Prog
Page 40 and 41: Page 40• Obfuscation Sample Code
Page 42 and 43: Page 42• Starting a Winsock 2 API
Page 44 and 45: Page 44• The Bind System Call•
Page 46 and 47: Page 46• Figures: Fake Chunk, Ove
Page 48 and 49: Page 48• The wiretap Library• A
Page 50 and 51: Page 50• Security and Trust Servi
Page 52 and 53: Page 52• SSL Certificates• Veri
Page 54 and 55: • Avoiding unvalidated redirects

EC-Council Certified Secure Programmer

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?