Lovely Professional University, Punjab

Course Code Course Title Course Planner Lectures Tutorials Practicals Credits
INT515 DATABASE SECURITY 14105::Ramandeep Singh 3.0 0.0 0.0 3.0
Course Category Courses with conceptual focus
TextBooks
Sr No Title Author Edition Year Publisher Name
T-1 Information Security The Complete
Reference
Mark Rhodes-Ousley 2nd 2013 Tata McGraw - Hill Education
Reference Books
Sr No Title Author Edition Year Publisher Name
R-1 Beginning Microsoft SQL Server
2008 Administration
Chris Leiter, Dan Wood,
Michael Cierkowski,
Albert Boettger
1st 2009 Wiley
Relevant Websites
Sr No (Web address) (only if relevant to the course) Salient Features
RW-1 http://www.w3schools.com/sql/sql_injection.asp SQL Injection Methods
RW-2 http://download.oracle.com/oll/tutorials/SQLInjection/index.htm Oracle Tutorials about Preventing against SQL Injection Attacks
RW-3 http://www.oracle.com/technetwork/database/features/plsql/overview/how-to-write-
injection-proof-plsql-1-129572.pdf
Oracle Book for Writting SQL Injection Proof PL/SQL Code
RW-4 http://sec4app.com/download/SqlInjection.pdf SQL Injection Book
Audio Visual Aids
Sr No (AV aids) (only if relevant to the course) Salient Features
AV-1 http://www.youtube.com/watch?v=PB7hWlqTSqs SQL Injection Tutorial
AV-2 http://www.youtube.com/watch?v=gK3no-TYNRQ SQL Injection Hacking
Detailed Plan For Lectures
LTP week distribution: (LTP Weeks)
Weeks before MTE 7
Weeks After MTE 7
Spill Over 3
Week
Number
Lecture
Number
Broad Topic(Sub Topic) Chapters/Sections
of Text/reference
books
Other Readings,
Relevant
Websites, Audio
Visual Aids,
software and
Virtual Labs
Lecture Description Learning Outcomes Pedagogical Tool
Demonstration/ Case
Study / Images /
animation / ppt etc.
Planned
Week 1 Lecture 1 Information Security Overview
(Importance of Information
Protection)
T-1:Chapter 1 Discussion about the
need of Information
Protection
Students will know
about the importance of
information security
Class Discussion
Lecture 2 Information Security Overview
(Evolution of Information
Security)
T-1:Chapter 1 Discussion about the
evaluation of information
security program
Knowledge about the
evaluation of
information security
program
Class Discussion
Lecture 3 Information Security Overview
(Weakest Link)
T-1:Chapter 1 Discussion about
vulnerabilities present in
Security Infrastructure.
Knowledge about
vulnerabilities present
in Security
Infrastructure and what
is to be done to deal
with these vulnerability
Class Discussion
Week 2 Lecture 4 Information Security Overview
(Building a Security Program)
T-1:Chapter 1 Discussion about
building a security
program
Knowledge about
building a security
program
Class Discussion
Lecture 5 Information Security Overview
(Justifying Security Investment)
T-1:Chapter 1 Discussion about using
security metrics to justify
the investment in
security program.
Knowledge about using
security metrics to
justify the investment in
security program.
Brainstorming Session
Lecture 6 Risk Analysis for Data and
Information Security(Threat
Definition)
T-1:Chapter 2 Discussion about threat
analysis
Knowledge about Risk
Analysis
Class Discussion
Risk Analysis for Data and
Information Security(Threat
Sources and Types)
T-1:Chapter 2 Discussion about threat
analysis
Knowledge about Risk
Analysis
Class Discussion
Week 3 Lecture 7 Risk Analysis for Data and
Information Security(Types of
Attacks)
T-1:Chapter 2 Discussion about
Different type of threats.
Knowledge about
different type of threats.
Class Discussion
Lecture 8 Risk Analysis for Data and
Information Security(Risk
Analysis)
T-1:Chapter 2 Discussion about what is
Risk Analysis and how
to conduct it.
Knowledge about what
is Risk Analysis and
how to conduct it.
Class Discussion
Lecture 9 SQL Server Database(Planning for
a Microsoft SQL Server
Installation)
R-1:Chapter 2 Discussion about the
initial steps for installing
SQL Server
knowledge about the
initial steps for
installing SQL Server
Demonstration with
SQL Server
Week 4 Lecture 10 SQL Server Database(Installation) R-1:Chapter 2 Installing SQL Server Knowledge about
installing SQL Server.
SQL Server
Installation
Demonstration
Lecture 11 SQL Server Database(Installation) R-1:Chapter 2 Installing SQL Server Knowledge about
installing SQL Server.
SQL Server
Installation
Demonstration
Week 4 Lecture 12 SQL Server Database
(Configuration)
R-1:Chapter 2 Configuring SQL Server
for Use.
Configuring SQL
Server for Use.
Demonstration through
Projector and SQL
Server
Week 5 Lecture 13 SQL Server Database
(Configuration)
R-1:Chapter 2 Configuring SQL Server
for Use.
Configuring SQL
Server for Use.
Demonstration through
Projector and SQL
Server
Lecture 14 SQL Server Database(Additional
Security Considerations)
R-1:Chapter 2 Discussion about
additional considerations
for SQL Server
Installation
Knowledge about
additional
considerations for SQL
Server Installation
Demonstrations of
SQL Server
Lecture 15 Term Paper,Test1
Week 6 Lecture 16 Authorization Authentication
Roles(SQL Server Authorization)
R-1:Chapter 6 Discussion about how we
can use SQL Server
authorization feature for
database security.
Knowledge about how
we can use SQL Server
authorization feature for
database security.
SQL Server
Demonstration about
Authorization
Lecture 17 Authorization Authentication
Roles(SQL Database Roles)
R-1:Chapter 6 Discussion about SQL
Server Roles
Knowledge about how
SQL Server Roles can
be used for
Authorization and
Database Security
SQL Server
Demonstration about
SQL Server Roles
Lecture 18 Authorization Authentication
Roles(SQL Server Authentication)
R-1:Chapter 6 Discussion about
creating users and
enforcing password
policy on Users.
Knnowledge about
creating users and
enforcing password
policy on Users.
SQL Server
Demonstration about
SQL Authentication
Week 7 Lecture 19 Authorization Authentication
Roles(SQL Server Authentication)
R-1:Chapter 6 Discussion about
creating users and
enforcing password
policy on Users.
Knnowledge about
creating users and
enforcing password
policy on Users.
SQL Server
Demonstration about
SQL Authentication
Lecture 20 Authorization Authentication
Roles(SQL Server Database
Policy)
R-1:Chapter 6 Discussion abut how
database policies can
help in enforcing
database security
measures.
Knowledge about how
database policies can
help in enforcing
database security
measures.
Class Discussion and
Demonstration
Lecture 21 Authorization Authentication
Roles(SQL Server Database
Policy)
R-1:Chapter 6 Discussion abut how
database policies can
help in enforcing
database security
measures.
Knowledge about how
database policies can
help in enforcing
database security
measures.
Class Discussion and
Demonstration
MID-TERM
Week 8 Lecture 22 Authentication and Authorization
(Authentication Techniques,
Authorization Techniques)
R-1:Chapter 6 Discussion about using
authorization and
authentication in SQL
Server Security
Knowledge about using
authorization and
authentication in SQL
Server Security
Class Discussion
Lecture 23 Authentication and Authorization
(Authentication Techniques,
Authorization Techniques)
R-1:Chapter 6 Discussion about using
authorization and
authentication in SQL
Server Security
Knowledge about using
authorization and
authentication in SQL
Server Security
Class Discussion
Week 8 Lecture 24 Authentication and Authorization
(Authentication Techniques,
Authorization Techniques)
R-1:Chapter 6 Discussion about using
authorization and
authentication in SQL
Server Security
Knowledge about using
authorization and
authentication in SQL
Server Security
Class Discussion
Week 9 Lecture 25 Storage Security(Evolution and
Modern Security , Best Practicies)
R-1:Chapter 10 Discussion about
Backups, Restores and
Encryption at the Storage
level with Encryption
key Management
Knowledge about
Backups, Restores and
Encryption at the
Storage level with
Encryption key
Management
Demonstrations and
Discussion
Lecture 26 Storage Security(Evolution and
Modern Security , Best Practicies)
R-1:Chapter 10 Discussion about
Backups, Restores and
Encryption at the Storage
level with Encryption
key Management
Knowledge about
Backups, Restores and
Encryption at the
Storage level with
Encryption key
Management
Demonstrations and
Discussion
Lecture 27 Storage Security(Evolution and
Modern Security , Best Practicies)
R-1:Chapter 10 Discussion about
Backups, Restores and
Encryption at the Storage
level with Encryption
key Management
Knowledge about
Backups, Restores and
Encryption at the
Storage level with
Encryption key
Management
Demonstrations and
Discussion
Week 10 Lecture 28 Storage Security(Evolution and
Modern Security , Best Practicies)
R-1:Chapter 10 Discussion about
Backups, Restores and
Encryption at the Storage
level with Encryption
key Management
Knowledge about
Backups, Restores and
Encryption at the
Storage level with
Encryption key
Management
Demonstrations and
Discussion
Lecture 29 Operating System Security Models
(Window Security)
T-1:Chapter 19 Discussion about the
importance of Operating
System security for
Database
Security.Operating
System Vulnerability and
Patching
Knowledge about the
importance of
Operating System
security for Database
Security
Class Discussion
Lecture 30 Operating System Security Models
(Window Security)
T-1:Chapter 19 Discussion about the
importance of Operating
System security for
Database
Security.Operating
System Vulnerability and
Patching
Knowledge about the
importance of
Operating System
security for Database
Security
Class Discussion
Week 11 Lecture 31 Term Paper,Test2
Lecture 32 SQL Injection(Understanding SQL
Injection)
T-1:Chapter 7 RW-1 Introduction to SQL
Injection
Introduction to SQL
Injection
Class Discussion
Lecture 33 SQL Injection(Understanding SQL
Injection)
T-1:Chapter 7 RW-1 Introduction to SQL
Injection
Introduction to SQL
Injection
Class Discussion
Week 12 Lecture 34 SQL Injection(Identifying
Vulnerabilities)
T-1:Chapter 7 RW-2 Discussion about SQL
Injection Vulnerability
Scan
Knowledge about SQL
Vulnerability Scan
Class Discussion
Lecture 35 SQL Injection(Exploitation of
Privileges and Passwords)
T-1:Chapter 7 RW-3 Discussion about SQL
Injection Vulnerability
Scan
Knowledge about SQL
Injection Vulnerability
Scan
Class Discussion
Lecture 36 SQL Injection(Exploitation and
Information Gathering)
T-1:Chapter 7 RW-3 Discussion about SQL
Injection Vulnerability
Scan
Knowledge about SQL
Injection Vulnerability
Scan
Class Discussion
Week 13 Lecture 37 Term Paper,Test,Mini
project3
Lecture 38 SQL Injection(Defending Against
Exploitation)
T-1:Chapter 7 RW-2 Writing Scripts which
are SQL injection Proof
Writing Scripts which
are SQL injection Proof
Discussion
Lecture 39 SQL Injection(Defending Against
Exploitation)
T-1:Chapter 7 RW-2 Writing Scripts which
are SQL injection Proof
Writing Scripts which
are SQL injection Proof
Discussion
Week 14 Lecture 40 Disaster Recovery and Business
Continuity Plans(Disaster
Recovery, Business Continuity
Planning, Backups,High
Availability)
T-1:Chapter 29
R-1:Chapter 9
Discussion about
Disaster Recovery in
SQL Server and
Business Continuity Plan
about Disaster
Recovery in SQL
Server and Business
Continuity Plan
Class Discussion and
Demonstration through
SQL Server
Lecture 41 Disaster Recovery and Business
Continuity Plans(Disaster
Recovery, Business Continuity
Planning, Backups,High
Availability)
T-1:Chapter 29
R-1:Chapter 9
Discussion about
Disaster Recovery in
SQL Server and
Business Continuity Plan
about Disaster
Recovery in SQL
Server and Business
Continuity Plan
Class Discussion and
Demonstration through
SQL Server
Lecture 42 Disaster Recovery and Business
Continuity Plans(Disaster
Recovery, Business Continuity
Planning, Backups,High
Availability)
T-1:Chapter 29
R-1:Chapter 9
Discussion about
Disaster Recovery in
SQL Server and
Business Continuity Plan
about Disaster
Recovery in SQL
Server and Business
Continuity Plan
Class Discussion and
Demonstration through
SQL Server
SPILL OVER
Week 15 Lecture 43 Spill Over
Lecture 44 Spill Over
Lecture 45 Spill Over
Scheme for CA:
Component Frequency Out Of Each Marks Total Marks
Term Paper,Test 2 3 10 20
Total :- 10 20
Details of Academic Task(s)
AT No. Objective Topic of the Academic Task Nature of Academic Task
(group/individuals/field
work
Evaluation Mode Allottment /
submission Week
Test1 To test the student
knowledge for the
syllabus which have
been covered in the
class upto week 5
Questions will be from syllabus upto week 5. Test Will contain 6
question of 5 marks each or vice versa. Questions will be a mix of
analytical and descriptive questions.
Individual Answer sheets
submitted by the
students will be
evaluated and marks
shall be awarded
according to the
same.
4 / 5
Term Paper1 To gice students an
oppurtunity to
research and come
up with various
technologies,
vulnerabilities and
incidents which have
taken place in the
feild of database
security and analysis
of effectiveness.
Topics will be allocated to the student they will conduct research
and submit a written report to the instructor followed by
presentation.
Individual Report and
Presentation will be
evaluated by the
class teacher and
marks will be
according to that.
4 / 12
Test2 To test the student
knowledge for the
syllabus covered in
the class from week
6 to week 10
Questions will be from syllabus from week 6upto week 10. Test
Will contain 6 question of 5 marks each or vice versa. Questions
will be a mix of analytical and descriptive questions.
Individual Marks will be
awarded according
to the solution
submitted by the
student.
8 / 10
List of suggested topics for term paper[at least 15] (Student to spend about 15 hrs on any one specified term paper)
Sr. No. Topic
1 Authentication techniques based on Hash Functions
2 Ethical hacking Tools & Techniques
3 Cryptography and Overview of crypto Systems
4 Use of stegnography in Information Security
5 Security Concerns in Internet Banking
6 Intrusion Detection System
7 Viruses- Types, Damages and Laws
8 Cyber Crime Laws
9 Phishing Techniques
10 Antivirus Applications Types and Working
11 Comparative Anallysis of Access Control Techniques
12 Firewall - Types and Role in information Security
13 Security and Portability Concern with Smart Cards
14 SQL Injection and How it Work
15 SQL Injection Vulnerability Scan