
Lovely Professional University, Punjab

Course Code: INT515
Course Title: DATABASE SECURITY
Course Planner: 14105::Ramandeep Singh
Course Category: Courses with conceptual focus

Lectures Tutorials Practicals Credits
3.0 0.0 0.0

TextBooks

| Sr No | Title | Author | Edition | Year | Publisher Name |
|---|---|---|---|---|---|
| T-1 | Information Security The Complete Reference | Mark Rhodes-Ousley | 2nd | 2013 | Tata McGraw - Hill Education |

Reference Books

| Sr No | Title | Author | Edition | Year | Publisher Name |
|---|---|---|---|---|---|
| R-1 | Beginning Microsoft SQL Server 2008 Administration | Chris Leiter, Dan Wood, Michael Cierkowski, Albert Boettger | 1st | 2009 | Wiley |

Relevant Websites

| Sr No | (Web address) (only if relevant to the course) | Salient Features |
|---|---|---|
| RW-1 | http://www.w3schools.com/sql/sql_injection.asp | SQL Injection Methods |
| RW-2 | http://download.oracle.com/oll/tutorials/SQLInjection/index.htm | Oracle Tutorials about Preventing SQL Injection Attacks |
| RW-3 | http://www.oracle.com/technetwork/database/features/plsql/overview/how-to-writeinjection-proof-plsql-1-129572.pdf | Oracle Book for Writing SQL Injection Proof PL/SQL Code |
| RW-4 | http://sec4app.com/download/SqlInjection.pdf | SQL Injection Book |

Audio Visual Aids

| Sr No | (AV aids) (only if relevant to the course) | Salient Features |
|---|---|---|
| AV-1 | http://www.youtube.com/watch?v=PB7hWlqTSqs | SQL Injection Tutorial |
| AV-2 | http://www.youtube.com/watch?v=gK3no-TYNRQ | SQL Injection Hacking |

LTP week distribution: (LTP Weeks)

Detailed Plan For Lectures

Weeks before MTE

Weeks After MTE

Spill Over

3.0

Week Number

Lecture Number

Broad Topic(Sub Topic)

Week 1

Lecture 1

Information Security Overview


(Importance of Information
Protection)

T-1:Chapter 1

Discussion about the


need of Information
Protection

Lecture 2

Information Security Overview


(Evolution of Information
Security)

T-1:Chapter 1

Discussion about the evaluation of information security program

Knowledge about the evaluation of information security program

Lecture 3

Information Security Overview


(Weakest Link)

T-1:Chapter 1

Discussion about vulnerabilities present in Security Infrastructure.

Knowledge about vulnerabilities present in Security Infrastructure and what is to be done to deal with these vulnerabilities

Class Discussion

Lecture 4

Information Security Overview


(Building a Security Program)

T-1:Chapter 1

Discussion about
building a security
program

Knowledge about
building a security
program

Lecture 5

Information Security Overview


(Justifying Security Investment)

T-1:Chapter 1

Discussion about using


security metrics to justify
the investment in
security program.

Knowledge about using security metrics to justify the investment in security program.

Brainstorming Session

Lecture 6

Risk Analysis for Data and


Information Security(Threat
Definition)

T-1:Chapter 2

Discussion about threat


analysis

Knowledge about Risk Analysis

Class Discussion

Risk Analysis for Data and


Information Security(Threat
Sources and Types)

T-1:Chapter 2

Discussion about threat


analysis

Knowledge about Risk Analysis

Class Discussion

Lecture 7

Risk Analysis for Data and


Information Security(Types of
Attacks)

T-1:Chapter 2

Discussion about different types of threats.

Knowledge about different types of threats.

Class Discussion

Lecture 8

Risk Analysis for Data and


Information Security(Risk
Analysis)

T-1:Chapter 2

Discussion about what is Risk Analysis and how to conduct it.

Knowledge about what is Risk Analysis and how to conduct it.

Class Discussion

Lecture 9

SQL Server Database(Planning for


a Microsoft SQL Server
Installation)

R-1:Chapter 2

Discussion about the initial steps for installing SQL Server

Knowledge about the initial steps for installing SQL Server

Demonstration with
SQL Server

Lecture 10

SQL Server Database(Installation)

R-1:Chapter 2

Installing SQL Server

Knowledge about
installing SQL Server.

SQL Server
Installation
Demonstration

Lecture 11

SQL Server Database(Installation)

R-1:Chapter 2

Installing SQL Server

Knowledge about
installing SQL Server.

SQL Server
Installation
Demonstration

Week 2

Week 3

Week 4

Chapters/Sections of Text/reference books

Other Readings, Relevant Websites, Audio Visual Aids, software and Virtual Labs

Lecture Description

Learning Outcomes

Pedagogical Tool Demonstration/ Case Study / Images / animation / ppt etc. Planned

Students will know about the importance of information security

Class Discussion
Class Discussion

Class Discussion

Week 4

Lecture 12

SQL Server Database


(Configuration)

R-1:Chapter 2

Configuring SQL Server for Use.

Configuring SQL Server for Use.

Demonstration through
Projector and SQL
Server

Week 5

Lecture 13

SQL Server Database


(Configuration)

R-1:Chapter 2

Configuring SQL Server for Use.

Configuring SQL Server for Use.

Demonstration through
Projector and SQL
Server

Lecture 14

SQL Server Database(Additional


Security Considerations)

R-1:Chapter 2

Discussion about
additional considerations
for SQL Server
Installation

Knowledge about additional considerations for SQL Server Installation

Demonstrations of SQL Server

Lecture 15

Term Paper,Test1

Week 6

Week 7

Lecture 16

Authorization Authentication
Roles(SQL Server Authorization)

R-1:Chapter 6

Discussion about how we


can use SQL Server
authorization feature for
database security.

Knowledge about how we can use SQL Server authorization feature for database security.

SQL Server Demonstration about Authorization

Lecture 17

Authorization Authentication
Roles(SQL Database Roles)

R-1:Chapter 6

Discussion about SQL


Server Roles

Knowledge about how


SQL Server Roles can
be used for
Authorization and
Database Security

SQL Server
Demonstration about
SQL Server Roles

Lecture 18

Authorization Authentication
Roles(SQL Server Authentication)

R-1:Chapter 6

Discussion about
creating users and
enforcing password
policy on Users.

Knowledge about
creating users and
enforcing password
policy on Users.

SQL Server
Demonstration about
SQL Authentication

Lecture 19

Authorization Authentication
Roles(SQL Server Authentication)

R-1:Chapter 6

Discussion about
creating users and
enforcing password
policy on Users.

Knowledge about
creating users and
enforcing password
policy on Users.

SQL Server
Demonstration about
SQL Authentication

Lecture 20

Authorization Authentication
Roles(SQL Server Database
Policy)

R-1:Chapter 6

Discussion about how


database policies can
help in enforcing
database security
measures.

Knowledge about how


database policies can
help in enforcing
database security
measures.

Class Discussion and


Demonstration

Lecture 21

Authorization Authentication
Roles(SQL Server Database
Policy)

R-1:Chapter 6

Discussion about how


database policies can
help in enforcing
database security
measures.

Knowledge about how


database policies can
help in enforcing
database security
measures.

Class Discussion and


Demonstration

MID-TERM
Week 8

Lecture 22

Authentication and Authorization


(Authentication Techniques,
Authorization Techniques)

R-1:Chapter 6

Discussion about using


authorization and
authentication in SQL
Server Security

Knowledge about using authorization and authentication in SQL Server Security

Class Discussion

Lecture 23

Authentication and Authorization


(Authentication Techniques,
Authorization Techniques)

R-1:Chapter 6

Discussion about using


authorization and
authentication in SQL
Server Security

Knowledge about using authorization and authentication in SQL Server Security

Class Discussion

Week 8

Lecture 24

Authentication and Authorization


(Authentication Techniques,
Authorization Techniques)

R-1:Chapter 6

Discussion about using


authorization and
authentication in SQL
Server Security

Knowledge about using authorization and authentication in SQL Server Security

Class Discussion

Week 9

Lecture 25

Storage Security(Evolution and


Modern Security, Best Practices)

R-1:Chapter 10

Discussion about
Backups, Restores and
Encryption at the Storage
level with Encryption
key Management

Knowledge about
Backups, Restores and
Encryption at the
Storage level with
Encryption key
Management

Demonstrations and
Discussion

Lecture 26

Storage Security(Evolution and


Modern Security, Best Practices)

R-1:Chapter 10

Discussion about
Backups, Restores and
Encryption at the Storage
level with Encryption
key Management

Knowledge about
Backups, Restores and
Encryption at the
Storage level with
Encryption key
Management

Demonstrations and
Discussion

Lecture 27

Storage Security(Evolution and


Modern Security, Best Practices)

R-1:Chapter 10

Discussion about
Backups, Restores and
Encryption at the Storage
level with Encryption
key Management

Knowledge about
Backups, Restores and
Encryption at the
Storage level with
Encryption key
Management

Demonstrations and
Discussion

Lecture 28

Storage Security(Evolution and


Modern Security, Best Practices)

R-1:Chapter 10

Discussion about
Backups, Restores and
Encryption at the Storage
level with Encryption
key Management

Knowledge about
Backups, Restores and
Encryption at the
Storage level with
Encryption key
Management

Demonstrations and
Discussion

Lecture 29

Operating System Security Models


(Window Security)

T-1:Chapter 19

Discussion about the


importance of Operating
System security for
Database
Security. Operating
System Vulnerability and
Patching

Knowledge about the


importance of
Operating System
security for Database
Security

Class Discussion

Lecture 30

Operating System Security Models


(Window Security)

T-1:Chapter 19

Discussion about the


importance of Operating
System security for
Database
Security. Operating
System Vulnerability and
Patching

Knowledge about the


importance of
Operating System
security for Database
Security

Class Discussion

Week 10

Week 11

Lecture 31

Term Paper,Test2

Lecture 32

SQL Injection(Understanding SQL


Injection)

T-1:Chapter 7

RW-1

Introduction to SQL
Injection

Introduction to SQL
Injection

Class Discussion

Lecture 33

SQL Injection(Understanding SQL


Injection)

T-1:Chapter 7

RW-1

Introduction to SQL
Injection

Introduction to SQL
Injection

Class Discussion

Week 12

Week 13

Week 14

Lecture 34

SQL Injection(Identifying
Vulnerabilities)

T-1:Chapter 7

RW-2

Discussion about SQL


Injection Vulnerability
Scan

Knowledge about SQL Vulnerability Scan

Class Discussion

Lecture 35

SQL Injection(Exploitation of
Privileges and Passwords)

T-1:Chapter 7

RW-3

Discussion about SQL


Injection Vulnerability
Scan

Knowledge about SQL Injection Vulnerability Scan

Class Discussion

Lecture 36

SQL Injection(Exploitation and


Information Gathering)

T-1:Chapter 7

RW-3

Discussion about SQL


Injection Vulnerability
Scan

Knowledge about SQL Injection Vulnerability Scan

Class Discussion

Lecture 37

Term Paper,Test,Mini
project3

Lecture 38

SQL Injection(Defending Against


Exploitation)

T-1:Chapter 7

RW-2

Writing Scripts which


are SQL injection Proof

Writing Scripts which are SQL injection Proof

Discussion

Lecture 39

SQL Injection(Defending Against


Exploitation)

T-1:Chapter 7

RW-2

Writing Scripts which


are SQL injection Proof

Writing Scripts which are SQL injection Proof

Discussion

Lecture 40

Disaster Recovery and Business


Continuity Plans(Disaster
Recovery, Business Continuity
Planning, Backups,High
Availability)

T-1:Chapter 29
R-1:Chapter 9

Discussion about
Disaster Recovery in
SQL Server and
Business Continuity Plan

about Disaster
Recovery in SQL
Server and Business
Continuity Plan

Class Discussion and


Demonstration through
SQL Server

Lecture 41

Disaster Recovery and Business


Continuity Plans(Disaster
Recovery, Business Continuity
Planning, Backups,High
Availability)

T-1:Chapter 29
R-1:Chapter 9

Discussion about
Disaster Recovery in
SQL Server and
Business Continuity Plan

about Disaster
Recovery in SQL
Server and Business
Continuity Plan

Class Discussion and


Demonstration through
SQL Server

Lecture 42

Disaster Recovery and Business


Continuity Plans(Disaster
Recovery, Business Continuity
Planning, Backups,High
Availability)

T-1:Chapter 29
R-1:Chapter 9

Discussion about
Disaster Recovery in
SQL Server and
Business Continuity Plan

about Disaster
Recovery in SQL
Server and Business
Continuity Plan

Class Discussion and


Demonstration through
SQL Server

SPILL OVER
Week 15

Lecture 43

Spill Over

Lecture 44

Spill Over

Lecture 45

Spill Over

Scheme for CA:

| Component | Frequency | Out Of | Each Marks | Total Marks |
|---|---|---|---|---|
| Term Paper,Test | 2 | 3 | 10 | 20 |
| Total :- | | | 10 | 20 |

Details of Academic Task(s)

| AT No. | Objective | Topic of the Academic Task | Nature of Academic Task (group/individuals/field work) | Evaluation Mode | Allotment / submission Week |
|---|---|---|---|---|---|
| Test1 | To test the student knowledge for the syllabus which has been covered in the class up to week 5 | Questions will be from syllabus up to week 5. Test will contain 6 questions of 5 marks each or vice versa. Questions will be a mix of analytical and descriptive questions. | Individual | Answer sheets submitted by the students will be evaluated and marks shall be awarded according to the same. | 4/5 |
| Term Paper1 | To give students an opportunity to research and come up with various technologies, vulnerabilities and incidents which have taken place in the field of database security and analysis of effectiveness. | Topics will be allocated to the students; they will conduct research and submit a written report to the instructor followed by presentation. | Individual | Report and Presentation will be evaluated by the class teacher and marks will be according to that. | 4 / 12 |
| Test2 | To test the student knowledge for the syllabus covered in the class from week 6 to week 10 | Questions will be from syllabus from week 6 up to week 10. Test will contain 6 questions of 5 marks each or vice versa. Questions will be a mix of analytical and descriptive questions. | Individual | Marks will be awarded according to the solution submitted by the student. | 8 / 10 |

List of suggested topics for term paper [at least 15] (Student to spend about 15 hrs on any one specified term paper)

Sr. No. Topic
1 Authentication techniques based on Hash Functions
2 Ethical hacking Tools & Techniques
3 Cryptography and Overview of crypto Systems
4 Use of steganography in Information Security
5 Security Concerns in Internet Banking
6 Intrusion Detection System
7 Viruses - Types, Damages and Laws
8 Cyber Crime Laws
9 Phishing Techniques
10 Antivirus Applications Types and Working
11 Comparative Analysis of Access Control Techniques
12 Firewall - Types and Role in information Security
13 Security and Portability Concern with Smart Cards
14 SQL Injection and How it Works
15 SQL Injection Vulnerability Scan
