Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing Enterprise Applications Rich Cole. Agenda Sample Enterprise Architecture Sample Enterprise Architecture Example of how University Apps uses Defense.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Securing Enterprise Applications Rich Cole. Agenda Sample Enterprise Architecture Sample Enterprise Architecture Example of how University Apps uses Defense."— Presentation transcript:

1 Securing Enterprise Applications Rich Cole

2 Agenda Sample Enterprise Architecture Sample Enterprise Architecture Example of how University Apps uses Defense in Depth to manage connections to the database from the application servers. Example of how University Apps uses Defense in Depth to manage connections to the database from the application servers.

3 Enterprise Architecture

4 Managing Connections

5 Security - Defense in Depth SOURCE: MICROSOFT Problem: Where to hide the database connection string used by the application to connect to the database?

6 Connection Manager Solution: Use a middle tier component to run a stored procedure in a secured “locked down” database to obtain the connection string for the application. Solution: Use a middle tier component to run a stored procedure in a secured “locked down” database to obtain the connection string for the application.

7 Security - Defense in Depth SOURCE: MICROSOFT

8 How it works

9 Benefits Connection string is stored in secure database and not in clear text on web server. Connection string is stored in secure database and not in clear text on web server. Database table containing connection strings is locked down. No Select/Insert/Update/Delete permissions. Database table containing connection strings is locked down. No Select/Insert/Update/Delete permissions. Only stored procedure allowed to run using middle tier component with its own user id and password. Only stored procedure allowed to run using middle tier component with its own user id and password. Developers need only know application name. Developers need only know application name.

Download ppt "Securing Enterprise Applications Rich Cole. Agenda Sample Enterprise Architecture Sample Enterprise Architecture Example of how University Apps uses Defense."

Similar presentations

1 June 1, 2015 Secure access to project budget information for OAR Principal Investigators Eugene F Burger Sylvia Scott Tracey Nakamura John L Forbes PMEL.

1 June 1, 2015 Secure access to project budget information for OAR Principal Investigators Eugene F Burger Sylvia Scott Tracey Nakamura John L Forbes PMEL.
Remote Access Network Management Kelly Given Allison Traina.

Remote Access Network Management Kelly Given Allison Traina.
Local Area Networks Outline –Basic Components of a LAN –Network Architectures –Topologies and LAN Technologies –Selecting a LAN –Improving LAN Performance.

Local Area Networks Outline –Basic Components of a LAN –Network Architectures –Topologies and LAN Technologies –Selecting a LAN –Improving LAN Performance.
Chapter 13 Physical Architecture Layer Design

Chapter 13 Physical Architecture Layer Design
Multiple Tiers in Action

Multiple Tiers in Action
34 42 49 51 53 55 57 63 67 69 71 73 77 83 Given Connections Solution 1 2 3 4 5 6 95.

Given Connections Solution
1 1. SQL SERVER OVERVIEW zWhat Is SQL Server? zInterfaces To Use SQL Server zSQL Server Services zTypes Of Databases zSQL Server Security.

1 1. SQL SERVER OVERVIEW zWhat Is SQL Server? zInterfaces To Use SQL Server zSQL Server Services zTypes Of Databases zSQL Server Security.
ORACLE APPLICATION SERVER BY PHANINDER SURAPANENI CIS 764.

ORACLE APPLICATION SERVER BY PHANINDER SURAPANENI CIS 764.
SQL Server Management Studio Introduction

SQL Server Management Studio Introduction
Build a SharePoint App with Microsoft Access. About me.

Build a SharePoint App with Microsoft Access. About me.
Varun Sharma Security Engineer | ACE Team | Microsoft Information Security

Varun Sharma Security Engineer | ACE Team | Microsoft Information Security
BY ALEXANDER STEPHENS RYAN PIERCY EmCare Mobile Scheduling Application.

BY ALEXANDER STEPHENS RYAN PIERCY EmCare Mobile Scheduling Application.
The Client/Server Database Environment

The Client/Server Database Environment
Sql Server Advanced Features MIS 424 Professor Sandvig.

Sql Server Advanced Features MIS 424 Professor Sandvig.
Bentley Electric Solution Overview Agenda Product FrameWork Electric Solutions Bentley Electric Expert Designer.

Bentley Electric Solution Overview Agenda Product FrameWork Electric Solutions Bentley Electric Expert Designer.
Selected Topics on Databases n Multi-User Databases –more than one user processes the database at the same time n System Architectures for Multi-User Environments.

Selected Topics on Databases n Multi-User Databases –more than one user processes the database at the same time n System Architectures for Multi-User Environments.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
OPC Database.NET. OPC Systems.NET What is OPC Systems.NET? OPC Systems.NET is a suite of.NET and HTML5 products for SCADA, HMI, Data Historian, and live.

OPC Database.NET. OPC Systems.NET What is OPC Systems.NET? OPC Systems.NET is a suite of.NET and HTML5 products for SCADA, HMI, Data Historian, and live.
Back Office Solution For C.T Smith Stock Brokers WEG-34.

Back Office Solution For C.T Smith Stock Brokers WEG-34.
Eurotrace Hands-On The Eurotrace File System. 2 The Eurotrace file system Under MS ACCESS EUROTRACE generates several different files when you create.

Eurotrace Hands-On The Eurotrace File System. 2 The Eurotrace file system Under MS ACCESS EUROTRACE generates several different files when you create.

Similar presentations

Ads by Google