Sorry, this item is not available in
Image not available for
Color:
Image not available

To view this video download Flash Player

 
Sell Us Your Item
For a $9.22 Gift Card
Trade in
Kindle Edition
Read instantly on your iPad, PC, Mac, Android tablet or Kindle Fire
Buy Price: $47.99
Rent From: $22.43
 
 
 
Have one to sell? Sell yours here

SQL Injection Attacks and Defense [Paperback]

by Justin Clarke
4.8 out of 5 stars  See all reviews (11 customer reviews)


Available from these sellers.


Free Two-Day Shipping for College Students with Amazon Student

Formats

Amazon Price New from Used from
 
Kindle Edition
Rent from
$47.99
$22.43
 
Paperback --  
Shop the new tech.book(store)
New! Introducing the tech.book(store), a hub for Software Developers and Architects, Networking Administrators, TPMs, and other technology professionals to find highly-rated and highly-relevant career resources. Shop books on programming and big data, or read this week's blog posts by authors and thought-leaders in the tech industry. > Shop now
There is a newer edition of this item:
SQL Injection Attacks and Defense, Second Edition SQL Injection Attacks and Defense, Second Edition 5.0 out of 5 stars (4)
$52.46
Usually ships in 1 to 3 weeks

Book Description

May 15, 2009 1597494240 978-1597494243 1st

Winner of the Best Book Bejtlich Read in 2009 award!

"SQL injection is probably the number one problem for any server-side application, and this book is unequaled in its coverage." Richard Bejtlich, http://taosecurity.blogspot.com/

SQL injection represents one of the most dangerous and well-known, yet misunderstood, security vulnerabilities on the Internet, largely because there is no central repository of information to turn to for help. This is the only book devoted exclusively to this long-established but recently growing threat. It includes all the currently known information about these attacks and significant insight from its contributing team of SQL injection experts.

  • What is SQL injection?-Understand what it is and how it works
  • Find, confirm, and automate SQL injection discovery
  • Discover tips and tricks for finding SQL injection within the code
  • Create exploits using SQL injection
  • Design to avoid the dangers of these attacks


  • Editorial Reviews

    Review

    "With SQL Injection Attacks and Defense penetration testers now have a resource to fill in the gaps between all of the scattered tutorials on the Internet. Learn to recognize and take advantage of SQL injection flaws of all varieties on all platforms."--Devon Kearns, IS Security Analyst

    From the Back Cover

    SQL injection represents one of the most dangerous and well-known, yet misunderstood, security vulnerabilities on the Internet, largely because there is no central repository of information to turn to for help. This is the only book devoted exclusively to this long-established but recently growing threat. It includes all the currently known information about these attacks and significant insight from its contributing team of SQL injection experts.

    • What is SQL injection?-Understand what it is and how it works
    • Find, confirm, and automate SQL injection discovery
    • Discover tips and tricks for finding SQL injection within the code
    • Create exploits using SQL injection
    • Design to avoid the dangers of these attacks

    Product Details

    • Paperback: 474 pages
    • Publisher: Syngress; 1st edition (May 15, 2009)
    • Language: English
    • ISBN-10: 1597494240
    • ISBN-13: 978-1597494243
    • Product Dimensions: 1.2 x 7.5 x 9.2 inches
    • Shipping Weight: 2.1 pounds
    • Average Customer Review: 4.8 out of 5 stars  See all reviews (11 customer reviews)
    • Amazon Best Sellers Rank: #633,556 in Books (See Top 100 in Books)

    More About the Author

    Justin Clarke is a co-founder and Director at Gotham Digital Science, based in the United Kingdom. He has over twelve years of experience in assessing the security of networks, web applications, and wireless networks for large financial, retail, technology and government clients in the United States, the United Kingdom and New Zealand.

    Justin is the the technical editor and lead author of "SQL Injection Attacks and Defense" (Syngress 2009), co-author of "Network Security Tools: Writing, Hacking, and Modifying Security Tools" (O'Reilly 2005), a contributing author to "Network Security Assessment: Know Your Network, 2nd Edition" (O'Reilly 2007), as well as a speaker at a number of conferences and events on security topics, including Black Hat USA, EuSecWest, OSCON, ISACA, RSA, SANS, OWASP, and the British Computer Society. He is the author of the open source SQLBrute blind SQL injection testing tool, and is the Chapter Leader for the London chapter of OWASP.

    Customer Reviews

    Most Helpful Customer Reviews
    13 of 13 people found the following review helpful
    5.0 out of 5 stars Finally, the "Bible" for SQL Injection May 27, 2009
    By Mike
    Format:Paperback
    I'm giving "SQL Injection Attacks and Defenses" five stars for a few reasons.

    First, the book is extremely comprehensive, covering everything from basic "What is SQL Injection?" information to advanced exploit development and static analysis tools (including open source tools).

    Second, this book was obviously written very recently. The content is fresh and cutting-edge.

    Finally, the book is advanced. Though the reader doesn't necessarily need to know much about SQL Injection in order to start reading it, the book covers as much as anyone would need to know about the subject.

    SQL Injection Attacks and Defenses is a well written, comprehensive book that can be extremely useful to security professionals, developers, and database administrators interested in writing or maintaining secure code. It could easily be called the "bible" of SQL Injection.
    Comment | 
    Was this review helpful to you?
    8 of 8 people found the following review helpful
    Format:Paperback
    I just finished reviewing The Web Application Hacker's Handbook, calling it a "Serious candidate for Best Book Bejtlich Read
    2009." SQL Injection Attacks and Defense (SIAAD) is another serious contender for BBBR09. In fact, I recommend reading TWAHH first because it is a more comprehensive overview of Web application security. Next, read SIAAD as the definitive treatise on SQL injection. Syngress does not have a good track record when it comes to books with multiple authors -- SIAAD has ten! -- but SIAAD is clearly a winner.

    SIAAD is very detailed, with code samples to demonstrate the author's attack patterns. They cover multiple programming languages, multiple databases, and flood the book with examples. It's clear the authors utilize these methods for their daily work. Just about every situation is addressed, like returning database query results using DNS, HTTP, database connections, and even email. I admit I laughed when reading that chapter 7 offered "advanced topics." I thought the first 6 chapters were advanced enough, given the depth of the material!

    I had no real issues with this book, but it's important to realize you won't read about attacks against PostgreSQL, for example. Other reviewers noted this as well. However, the authors do concentrate on the methodology and offensive mindset needed to attack any SQL database. I believe dedicated readers could apply the lessons of SIAAD to products beyond MS-SQL, Oracle, and MySQL.

    Great work -- this is the sort of "niche book" that should be referenced by anyone else who wants to cover Web-related attacks.
    Comment | 
    Was this review helpful to you?
    4 of 4 people found the following review helpful
    5.0 out of 5 stars Tour de Force Coverage of SQL Injection Issues July 24, 2009
    Format:Paperback
    This is a book that I can heartily endorse. My bailiwick, and probably yours too if you are looking here, is data management and database administration. And if you function within that realm, you should be familiar with SQL injection attacks and how to defend them. Not surprisingly, given its title, that is just what this book provides.

    SQL injection is quite dangerous, and yet is commonly misunderstood by many. This book, which is devoted exclusively to the SQL injection threat and how to defend against it, provides the knowledge and tactics you will need to understand and combat SQL injection attacks.

    From the basics of vulnerability to discovery, exploitation, prevention, and mitigation measures, the book is a SQL injection tour de force. The book is up-to-date and covers unique, publicly unavailable information. One quick example of a a major benefit of this book: you can make the code level and platform level defenses offered in Chapters 8 and 9 can available to the developers and system administrators responsible for Internet development at your shop... which should minimize the risk of SQL injection attacks.

    If you are a DBA, programmer, or system analyst involved in writing Internet applications using database systems, then you owe it to yourself to buy and read SQL Injection Attacks and Defense. It just may save your data!
    Comment | 
    Was this review helpful to you?
    3 of 3 people found the following review helpful
    5.0 out of 5 stars Beats the concepts into you April 21, 2011
    Format:Paperback
    Let me preface this review by saying that I have performed and understand the subject matter fairly well. I was more interested in picking up some new tricks and techniques and also taking a look at the code review section.

    On the tips and ticks need, this book delivered. What I liked about this book was how the authors explained a myriad of ways to do something. For example, uploading a file to the file system. They covered privileges needed, how likely you'd run across something like this, the different ways for the most common RDMBSs, ways that may be more likely in the future, and etc. It was this kind of information that I was hoping to find in the book.

    I even picked up some new techniques I haven't heard about or thought about. The section on privilege escalation was incredibly interesting. Also, have you ever heard of second-order sql injection? It's something that was a 'duh' moment of the possibilities I may have missed in the past.

    There were a couple of things I, personally, did not like about this book. They sort of beat ideas into your head. This is great when you are first learning the subject. The more you hear about the subject and different wordings about the subject makes it stick into your head. However, when you know about the technique, it gets annoying to hear the same thing getting explained over and over again. This does not deviate from my overall enjoyment of the material.

    I also would have to say I was disappointed in the code review section. I believe they did a good job if you are new to code review, but a short excerpt on lexical analysis and how to create regex to search for commonly abused functions was the most it was willing to venture into this category.
    Read more ›
    Comment | 
    Was this review helpful to you?
    Most Recent Customer Reviews
    5.0 out of 5 stars Great Book
    The book was good understanding for some one that is new to SQL Injection it covers mostly the basic. OK
    Published 8 months ago by Laura E. Islas Brown
    5.0 out of 5 stars Amateur, or professional ...
    ...you should read this book. Whether you're a professional app hacker, or just want to learn what this all means -read the book. One of the best on the subject, period. Read more
    Published on May 23, 2011 by Rafal (Raf) Los
    3.0 out of 5 stars Good if you want to hack, poor if you want to defend
    The author spends 2/3 of the book showing how to hack into websites, but gives very little information on how to actually protect against these hacks.
    Published on May 13, 2011 by steven
    5.0 out of 5 stars SQL Injection Primer
    Justin has delivered his education and training on SQL Injection and Application Security at conferences all over the world and I encourage all to attend. Read more
    Published on October 28, 2010 by Swarthy Fizz
    5.0 out of 5 stars SQL Injection: The definitive guide
    This book is the only book you will ever need on SQL injection. It is the best-of-breed book, well written, full of examples and charts. Read more
    Published on August 10, 2010 by Laurent D
    5.0 out of 5 stars Good Enough to be Dangerous
    It really surprises me that SQL injection is still such a ubiquitous attack vector given that it is really fairly simple to prevent. Read more
    Published on March 25, 2010 by Hugh K. Boyd
    5.0 out of 5 stars Up to Date and Digestible Book on SQL Injection
    First off, kudos to Syngress for putting out a high quality book. It looks like they are turning things around. Read more
    Published on October 20, 2009 by Chris Gates
    Search Customer Reviews
    Only search this product's reviews
    ARRAY(0xa3e77864)


    Forums

    There are no discussions about this product yet.
    Be the first to discuss this product with the community.
    Start a new discussion
    Topic:
    First post:
    Prompts for sign-in
     



    Look for Similar Items by Category