Statement of Qualifications


Description

  • exposé
Phase Separation Science, Inc. Statement of Qualifications 6630 Baltimore National Pike 410-747-8770 800-932-9047 Baltimore, Maryland 21228 FAX 410-788-8723
  • project requirements during the pre-project
  • environmental science statement
  • full data packages
  • accuracy from sample receipt to final report submission
  • sample integrity
  • format requirements
  • analytical chemistry
  • project
  • laboratory

TT8820: Database Security (STIG)

According to research by the National Institute of Standards, 92% of all security vulnerabilities are now considered application vulnerabilities and not network vulnerabilities. Trivera Technologies’ Best Defense™ Security Training Series is a suite of frontline-oriented security courses that provide complete and current coverage of DISA’s Security Technical Implementation Guides (STIGS) and associated checklists. STIGS are an integral part of the required configuration standards for DoD Information Assurance measures. These measures are focused on preventing cyber espionage and crime as well as denial of service attacks. Our comprehensive set of classes address each of the critical issues head-on, as our courses, seminars and workshops explicitly:

  • Teach developers, DBAs, and stakeholders what the vulnerabilities are
  • Demonstrate, in real terms, the potential impact of each of these vulnerabilities
  • Provide experience in how to recognize and properly address these vulnerabilities
  • Teach stakeholders how to defend against the potential consequences of security breaches
  • Illustrate the value and the process of integrating security into the entire lifecycle of applications, products, and devices

Course: TT8820: Database Security (STIG)
Duration: 3 days
Skill Level: Intermediate and beyond
Format: Extensive hands-on programming labs, expert lecture combined with open discussions and high-level demonstrations and dynamic group exercises.
Language/Tools: Specific databases that are currently covered are Microsoft SQL Server, IBM’s DB2, and Oracle.
Delivery Format: Available for onsite private classroom presentation, or live online/virtual presentation
Audience: DBAs, developers, and other enterprise team members
Customizable: Yes

DISA’s Database STIG, in conjunction with both generic and product-specific checklists, provides a comprehensive listing of requirements and needs for improving and maintaining the security of Database Management Systems within the Department of Defense. This course fills in the context, background, and best practices for fulfilling those requirements and needs. As with all of our courses, we maintain tight synchronization between the latest DISA releases and our materials. The close ties between this STIG and the Applications Security and Development STIG are reflected in the coverage of application issues within the context of this course.

Database Security is an intense database security training course essential for DBAs, QA, Testing, and other personnel who need to deliver secure database applications and manage secure databases within the DoD. In addition to teaching basic skills, this course digs deep into sound processes and practices that apply to the entire software development lifecycle. Perhaps just as significantly, students learn about current, real examples that illustrate the potential consequences of not following these best practices.

Data, databases, and related resources are at the heart of the DoD’s IT infrastructures. They must be protected accordingly. In this course, students repeatedly attack and then defend various assets associated with a fully functional database. This approach illustrates the mechanics of how to secure databases in the most practical of terms.

Security experts agree that the least effective approach to security is "penetrate and patch". It is far more effective to "bake" security into an application throughout its lifecycle. After spending significant time trying to defend a poorly designed and configured (from a security perspective) database application, students are ready to learn how to build and secure their databases and applications starting at project inception. The final portion of this course builds on the previously learned mechanics for building defenses by exploring how design and analysis can be used to build stronger applications from the beginning of the software lifecycle.

A key component to our coverage of DISA’s Security Technical Implementation Guides (STIGS), this course is a companion course with several developer-oriented courses and seminars.

Copyright © 2009 Trivera Technologies LLC Worldwide. | Collaborative IT Training, Mentoring & Courseware Services | TT8820_Database_Security_STIG_20090803 | www.triveratech.com | Training@triveratech.com

Trivera Technologies Best Defense™ Application Security Training Series

Course Objectives: What You’ll Learn

Students who attend Database Security (STIG) will leave the course armed with the skills required to recognize actual and potential database vulnerabilities, implement defenses for those vulnerabilities, and test those defenses for sufficiency.

This course quickly introduces students to the most common security vulnerabilities faced by databases today. Each vulnerability is examined from a database perspective through a process of describing the threat and attack mechanisms, recognizing associated vulnerabilities, and, finally, designing, implementing, and testing effective defenses. Multiple practical demonstrations reinforce these concepts with real vulnerabilities and attacks. Students are then challenged to design and implement the layered defenses they will need in defending their own databases.

Working in a dynamic learning environment attendees will learn to:

  • Understand the consequences for not properly handling untrusted data such as denial of service, cross-site scripting, and injections
  • Be able to review and test databases to determine the existence of and effectiveness of layered defenses and required checks
  • Prevent and defend the many potential vulnerabilities associated with untrusted data
  • Understand the concepts and terminology behind supporting, designing, and deploying secure databases
  • Appreciate the magnitude of the problems associated with data security and the potential risks associated with those problems
  • Understand the currently accepted best practices for supporting the many security needs of databases.
  • Understand the vulnerabilities associated with authentication and authorization within the context of databases and database applications
  • Understand the dangers and mechanisms behind Cross-Site Scripting (XSS) and Injection attacks
  • Perform both static reviews and dynamic database testing to uncover vulnerabilities
  • Design and develop strong, robust authentication and authorization implementations
  • Understand the fundamentals of Encryption as well as how it can be used as part of the defensive infrastructure for data

This class is “technology-centric”, designed to train attendees in essential secure database skills, coupling the most current, effective techniques with the soundest industry practices.

The course provides a solid foundation in basic terminology and concepts, extended and built upon throughout the engagement. Students will examine various recognized attacks against data and databases. Processes and best practices are discussed and illustrated through both discussions and group activities.

Audience & Prerequisites: Who Should Attend

This is an intermediate-level database course, designed for those who wish to get up and running on developing well defended database applications. This course may be customized to suit your team’s unique objectives.

Familiarity with databases is required and real world experience is highly recommended. Ideally, students should have approximately 6 months to a year of database working knowledge.

Related Courses – Suggested Learning Path

Take Instead: We offer other courses that provide different levels of knowledge or focus:

  • For a high-level view of the STIGS and related issues, consider TT8800 Information Assurance (STIG) Overview
  • For an application orientation, consider: TT8810 Application Security and Development (STIG)
  • For a high-level view of web application security and related issues, consider TT8020 Understanding Web Application Security
  • For in-depth developer training for web applications with the lifecycle aspect, consider: TT8325 Securing Web Applications
  • For in-depth developer training with less web application orientation, consider: TT8200J Secure Java Coding (also offered for .net or other languages)

Take After: We offer a variety of introductory through advanced security, development, project management, engineering, architecture and design courses. Students may want to consider the following topics as follow-on to this course.

  • TT8150 Mastering Secure SOA
  • TT8600 Secure Software Design
  • Additional advanced Security or Secure Programming topics
  • Service Oriented Analysis and Design
  • Web Services Intro through Advanced
  • Software Engineering, Design or Project Management tracks

Please note all development courses may also be offered in other programming languages or tailored to suit your unique requirements. Please contact us for details. Please contact us for recommended next steps tailored to your longer term education, project or development objectives.

Delivery Environment: Tools to Use

Although this training is skills-centric, this course can be delivered on one of a variety of database products. Please inquire for details and options.

Student Materials: What You’ll Receive

Our robust course materials include much more than a simple slideshow presentation handout. Student materials include a comprehensive hard copy course manual, complete with detailed course notes, code samples, diagrams and current reference materials, all directly related to the course at hand, indexed for ease of use. Step-by-step lab instructions and project descriptions are clearly illustrated and commented for maximum learning. In addition to everything students need for the course, the course includes workshop demonstrations; non-restricted workshop software, APIs, documentation, technical education papers, and specifications and tutorials pertinent to the training course. Our course kits are designed to serve as an excellent and useful reference set, long after we leave your classroom.

Optional Pre / Post-Testing & Skills Assessment

We work with you to ensure that your resources are well spent. Through our basic course pre-testing and/or post-course assessments, we ensure your team is up to the challenges that this course offers. Our goal is to structure the best solution to ensure your needs are met, whether we customize the material, or devise a different educational path to prepare for this course. Please contact us for details about our online pre- and post-test assessment services, custom managed training plans for one student or your entire organization, or our custom online training program management system for monitoring the courses or progress while skilling your students of all experience levels.

Bridging the Gap: Collaborative Mentoring Services

Our team of technical experts is also available for various project assistance services to help your team apply their newly learned classroom skills to their real-world project in a meaningful, practical way, right after the training ends. Our custom collaborative mentoring programs integrate with or extend your team’s classroom training experience, to help bring these skills into existing (or inherited) legacy projects, into new projects, or to simply keep your students sharp in between projects. Our programs can be highly involved and closely integrated with your project timelines or group development efforts, or can be less involved, serving simply as an overarching educational framework or ‘spot check’ to keep your group skills moving forward in between projects or waiting for projects to begin. Please contact us for details about this exciting custom service.

Workshop Topics Covered

Session: Foundation

  • Misconceptions
  • Thriving Industry of Identity Theft
  • Dishonor Roll of Data Breaches
  • TJX: Anatomy of a Disaster
  • Heartland: What? Again?
  • Security Concepts
  • Terminology and Players
  • Assets, Threats, and Attacks
  • OWASP
  • CWE/SANS Top 25 Programming Errors
  • DISA’s Security Technical Implementation Guides (STIGS)
  • Purpose
  • Process
  • Areas Covered
  • Checklists
  • Scripts (SRRs)
  • Resources
  • Security Concerns Common to all DBMSs
  • Authentication
  • Authorization
  • Confidentiality
  • Integrity
  • Auditing
  • Replication, Federation, and Clustering
  • Backup and Recovery
  • OS, Application, and Network Components
  • Defensive Principles
  • Security Is A Lifecycle Issue
  • Minimize Attack Surface
  • Manage Resources
  • Application States
  • Compartmentalize
  • Defense In Depth
  • Layered Defense
  • Consider All Application States
  • Not Trusting The Untrusted
  • Security Defect Mitigation
  • Leverage Experience
  • Reality
  • Recent, Relevant Incidents
  • Find Security Defects In DBMSs

Session: Top Database Security Vulnerabilities

  • Unvalidated Input
  • Sources of Untrusted Input
  • Trust Boundaries
  • Designing and Implementing Defenses
  • Broken Authentication
  • Quality of Passwords
  • Protection of Passwords
  • Hashing Passwords
  • Protecting Authentication Assets
  • System Account Management
  • User Account Management
  • Broken Access Control
  • Gaining Elevated Privileges
  • Compartmentalization Based on Level of Privilege
  • Special Privileges Provided by Database and Systems
  • Protecting Special Roles
  • Cross-Site Scripting (XSS/CSRF) Flaws
  • What and How
  • Role of Databases in Enabling XSS
  • Designing and Implementing Defenses
  • Injection Flaws
  • What and How
  • SQL, PL/SQL, XML, and Others
  • Stored Procedures
  • Buffer Overflows
  • Designing and Implementing Defenses
  • Error Handling and Information Leakage
  • What and How
  • Four Dimensions of Error Response
  • Proper Error Handling Design
  • Insecure Handling
  • Data at Rest
  • Data in Motion
  • Encryption
  • Compartmentalization Based on Level of Privilege
  • Connection Strings and High-Value Server-Side Credentials
  • Designing and Implementing Defenses
  • Insecure Management of Configuration
  • Initial Installation
  • Patch Management
  • Server Hardening
  • Operating System Hardening
  • Connection Hardening
  • Replication Hardening
  • Best Practices
  • Direct Object Access
  • What and How
  • Role of Databases in Enabling Access
  • High Risk Practices to Avoid

Session: STIG Database Security Requirements

  • Identification and Authentication
  • Group and Individual
  • Key Management Practices
  • Token and Certificates Practices
  • Enclave/Computing Environment
  • Auditing Mechanics and Best Practices
  • Data Changes and Controls
  • Encryption
  • Privilege Management
  • Additional Controls and Practices
  • Enclave Boundary Defenses
  • Backups and Archives
  • Continuity of Service
  • Defending Backup/Restoration Assets
      - Data and Software Backups
      - Trusted Recovery
  • Vulnerability and Incident Management

Session: Secure Software Development (SSD)

  • SSD Process Overview
  • Asset, Boundary, and Vulnerability Identification
  • Process, Design, and Code Reviews
  • Applying Processes and Practices
  • Configuration Specification and Compliance
  • Software and Data Baselines
  • Testing as Lifecycle Process
  • Testing Planning and Documentation
  • Testing Tools And Processes
  • Principles
  • Reviews
  • Testing
  • Tools
  • Static and Dynamic Analysis
  • Testing Practices
  • Authentication Testing
  • Data Validation Testing
  • Denial Of Service Testing

Session: Database Checklists

  • Checklist Overview, Conventions, and Best Practices
  • Generic Database Checks and Procedures
  • SQL Server Checks and Procedures (Optional)
      - Installation Checks
      - Database Checks
  • Oracle Checks and Procedures (Optional)
      - Database Automated Checks
      - Database Interview Checks
      - Database Manual Checks
      - Database Verify Checks
      - Home Automated Checks
      - Home Interview Checks
      - Home Manual Checks
      - Home Verify Checks
  • Practical Application of the Checklists

Need more details? Please note that a more detailed outline of the course table of contents, lists of lab exercises and project descriptions is available. Please contact us at Training@triveratech.com for info.

Need courseware? This course is fully customizable, and also available for license with complete support for qualified organizations. Please contact Courseware@triveratech.com for details.

Why Work With Trivera Technologies?

Whether you are a project leader choosing a training provider or course to bring to your team, or an organization or an instructor looking to potentially license or use course materials to train your own team, or a student looking for an exciting, targeted training class to attend or to recommend to your colleagues, our single focus is to make YOUR training event or experience a success. Here’s why choosing Trivera Technologies as your IT security education resource takes the risk right out of your decision making process…

  • We provide a solid secure design, coding and implementation foundation. Students will learn how to code, use (and reuse!) essential secure Java programming and design skills and concepts properly, using best coding practices, grounding them for advanced curriculum, and will be prepared for designing and implementing solutions. Students will learn the importance of developing well defended applications.
  • Our courses are focused: no "fluff" included. We offer more than a “laundry list” approach to teaching. All lessons have clear objectives, are fundamental to core secure application development and design practices, and are reinforced by hands-on labs and solid practical examples. Each lesson has performance-driven objectives that ensure students will learn technologies and skills core to fundamental server-side application design: nothing more, nothing less.
  • Our materials are comprehensive, and current. Our comprehensive manuals include not only a hard copy of the course presentation, but also detailed reference notes, pertinent diagrams and charts, current lists of suggested online resources and articles, and often technical tutorials or whitepapers geared to the topics at hand. Our dedicated course development team keeps everything as current as possible with both industry trends and software editions to ensure your team is getting the most current information available.
  • We foster "Learning by Doing". Progressive labs are designed in such a way that students get a firm grasp on fundamental skills while they work toward designing a complete application. All labs are take-home, and all solution code is presented in an easy-to-use self-study format