The Database Hacker's Handbook: Defending Database Servers 1st Edition

by David Litchfield (Author)

10 ratings

ISBN-13: 978-0764578014

ISBN-10: 9780764578014

Why is ISBN important?

Have one to sell? Sell on Amazon

Added to

Unable to add item to List. Please try again.

Condition: Used - Good

In Stock. Sold by DART & RINGO, Fulfilled by Amazon

Access codes and supplements are not guaranteed with used items.

34 Used from $3.94

FREE Shipping on orders over $25.

Deliver to Finland

In stock.
Usually ships within 4 to 5 days.

Ships from and sold by Blackwell's U.K. *dispatched from UK*.

This item ships to Finland. Get it by Thursday, Nov. 7 - Monday, Nov. 18 Choose this date at checkout.

List Price: $50.00
Save: $14.86 (30%)

9 New from $35.14

Deliver to Finland

$35.14 + $8.69 shipping

More Buying Choices

9 New from $35.14 34 Used from $3.94

43 used & new from $3.94

See All Buying Options

Databases are the nerve center of our economy. Every piece of your personal information is stored there-medical records, bank accounts, employment history, pensions, car registrations, even your children's grades and what groceries you buy. Database attacks are potentially crippling-and relentless.

In this essential follow-up to The Shellcoder's Handbook, four of the world's top security experts teach you to break into and defend the seven most popular database servers. You'll learn how to identify vulnerabilities, how attacks are carried out, and how to stop the carnage. The bad guys already know all this. You need to know it too.
* Identify and plug the new holes in Oracle and Microsoft(r) SQL Server
* Learn the best defenses for IBM's DB2(r), PostgreSQL, Sybase ASE, and MySQL(r) servers
* Discover how buffer overflow exploitation, privilege escalation through SQL, stored procedure or trigger abuse, and SQL injection enable hacker access
* Recognize vulnerabilities peculiar to each database
* Find out what the attackers already know

Go to www.wiley.com/go/dbhackershandbook for code samples, security alerts , and programs available for download.

Editorial Reviews

From the Back Cover

Databases are the nerve center of our economy. Every piece of your personal information is stored there―medical records, bank accounts, employment history, pensions, car registrations, even your children's grades and what groceries you buy. Database attacks are potentially crippling―and relentless.

In this essential follow-up to The Shellcoder's Handbook, four of the world's top security experts teach you to break into and defend the seven most popular database servers. You'll learn how to identify vulnerabilities, how attacks are carried out, and how to stop the carnage. The bad guys already know all this. You need to know it too.

Identify and plug the new holes in Oracle and Microsoft® SQL Server
Learn the best defenses for IBM's DB2®, PostgreSQL, Sybase ASE, and MySQL® servers
Discover how buffer overflow exploitation, privilege escalation through SQL, stored procedure or trigger abuse, and SQL injection enable hacker access
Recognize vulnerabilities peculiar to each database
Find out what the attackers already know

Go to www.wiley.com/go/dbhackershandbook for code samples, security alerts , and programs available for download.

About the Author

David Litchfield specializes in searching for new threats to database systems and web applications and holds the unofficial world record for finding major security flaws. He has lectured to both British and U.S. government security agencies on database security and is a regular speaker at the Blackhat Security Briefings. He is a co-author of The Shellcoder’s Handbook, SQL Server Security, and Special Ops. In his spare time he is the Managing Director of Next Generation Security Software Ltd.

Chris Anley is a co-author of The Shellcoder’s Handbook, a best-selling book about security vulnerability research. He has published whitepapers and security advisories on a number of database systems, including SQL Server, Sybase, MySQL, DB2, and Oracle.

John Heasman is a principal security consultant at NGS Software. He is a prolific security researcher and has published many security advisories relating to high-profile products such as Microsoft Windows, Real Player, Apple Quick-Time, and PostgreSQL.

Bill Grindlay is a senior security consultant and software engineer at NGS Software. He has worked on both the generalized vulnerability scanner Typhon III and the NGSSQuirreL family of database security scanners. He is a co-author of the database administrator’s guide, SQL Server Security.

Next Generation Security Software Ltd is a UK-based company that develops a suite of database server vulnerability assessment tools, the NGSSQuirreL family. Founded in 2001, NGS Software’s consulting arm is the largest dedicated security team in Europe. All four authors of this book work for NGS Software.

Paperback: 532 pages
Publisher: Wiley; 1 edition (July 14, 2005)
Language: English
ISBN-10: 9780764578014
ISBN-13: 978-0764578014
ASIN: 0764578014
Product Dimensions: 7.2 x 1.2 x 9.1 inches
Shipping Weight: 1.7 pounds (View shipping rates and policies)
Average Customer Review: 10 customer reviews
Amazon Best Sellers Rank: #761,942 in Books (See Top 100 in Books)
- #755 in Computer Hacking
- #2274 in Databases & Big Data
- #621 in Database Storage & Design

Would you like to tell us about a lower price?
If you are a seller for this product, would you like to suggest updates through seller support?

Be the first video

Your name here

Customer reviews

5 star		51%
4 star		13%
3 star		36%
2 star 0% (0%)		0%
1 star 0% (0%)		0%

Review this product

Write a customer review

10 customer reviews

There was a problem filtering reviews right now. Please try again later.

Deb and Phil L-S

Good theoretical work, but needs update

June 12, 2015

Format: PaperbackVerified Purchase

This book is now ten years old, and it's kind of frightening that it seems to be the most up-to-date work on the field of database hacking. Good sections about the seven largest databases (who mostly still own the field, all this time later). I'm working my way through the section on DB2, as that's my specialty.

I'm quite concerned that significant new threats have probably arisen in the ten years since the book's publication, and I'd love to hear that a new edition is planned; but the theoretical background and classification of threats is as valid as ever.

One significant lack here -- no discussion of security for mainframe databases (DB2 for z/OS, IMS, CA-IDMS, and presumably others), which hold a significant portion of the world's financial data.

2 people found this helpful

Helpful

Comment

Tatjana Injac

Attacking Database Servers

July 24, 2005

Format: PaperbackVerified Purchase

This review is only for the Oracle parts of the book.

The most interesting chapter is "Attacking Oracle". These guys give phrase "thinking outside of the box" the real meaning. They look for a feature or bug open to the security attack, then they shake it til it breaks. You will see exploits of AUTHID, PL/SQL injections, app. server, dbms_sql.parse bug,... most of them relevant to 9i and 10g versions.

The hacks are mainly in the sections called "Real-World Examples". Most of the exploits are already patched by Oracle and they are also available on hacking forums, but there were some new ones that were quite a revelation.

The security recommendations in the "Securing Oracle" chapter were too general, you can probably find Internet white papers on hardening Oracle that give more details. But, this book is not really about hardening Oracle, even if it says "Defending Database Servers" with small, blue letters on the front cover. This book is about attacking database servers.

I have seen David Litchfield's previous work and I am sure he knows (and has tried) more than what is written here. Can we expect to see that in "The Hacker's Handbook" part II?

8 people found this helpful

Helpful

Comment

Quilpole

Incredible! I just hope the good guys read it before the black hats do!

July 21, 2005

Format: PaperbackVerified Purchase

This book is simply amazing. I would have expected a book with a handful of descriptions of exploits against the various databases, followed by some lame generalizations about blocking the holes.

Instead, this book offers detailed information on the various exploits, and detailed information on how to fix the problems.

If you are a DBA of any of the major databases, you NEED to pick up this book sooner rather than later. Now that this book is "on the streets", it's just a question of time before all hell breaks loose :(

3 people found this helpful

Helpful

Comment

Johary G

Five Stars

October 19, 2014

Format: PaperbackVerified Purchase

Completely satisfied.

Helpful

Comment

Amazon Customer

Five Stars

February 16, 2016

Format: PaperbackVerified Purchase

Really good and in Excelent condición

Helpful

Comment

sixmonkeyjungle

Important Book For Database and Security Admins

November 20, 2005

Format: Paperback

David Litchfield is arguably the foremost expert and evangelist when it comes to database security. He, and his team of compatriots from Next Generation Security Software, have written a book that any database or security administrator should be familiar with.

Even if some of the attacks or exploits described in the book were previously obscure or unknown, the fact that they have been outlined in this book means that administrators need to know about them and defend against them before the "bad guys" read this book and take advantage of them.

One of the best aspects of this book is the way it is organized. Splitting the book into sections devoted to specific database systems makes it exceptionally simple and convenient to use. If you only use MySQL, you can skip all of the information regarding Oracle or Microsoft SQL Server, and just focus on the section of the book that applies to you.

Within each section, the authors provide a tremendous wealth of knowledge. Aside from describing weaknesses, potential exploits and protective measures to defend against them, they also look at the general architecture and the methods of authentication used by the database.

Any database admin should have a copy of this on their desk.

6 people found this helpful

Helpful

Comment

John Matlock

You Really Need the 70 Pages on Your Database

July 14, 2005

Format: Paperback

Here is a book in which you will probably only be interested in 1/7 of the pages. That means that instead of reading 528 pages you only need to read about 70. But, you may really, really need that 70 pages. The reason for this is that the book covers seven of the most common databases: IBM DB2, Oracle, MySQL, PostGreSQL, SQL Server, SyBase, Informix. These programs are so different that what applies to one does not generally apply to the others.

Each section of the book covers one of the databases. It usually begins with some history of both the database and attacks on it. For instance the Slammer worm compromised more than 75,000 SQL Server databases within ten minutes of its release in January 2003.

After that there is a discussion on the database, its architecture, how it handles things like authentication and so on.

Finally it goes into how to defend the database against attack. This includes information on how to remove unncecessary features and services that might serve as gateways to attacks, and talks about how to use the databases own internal security systems to their maximum effectiveness.

As I said, you really need the 70 or so pages that refer to your own database.

PS - What's the most secure database - PostGreSQL, and it goes into why.

23 people found this helpful

Helpful

Comment

Amazon Music Stream millions of songs	Amazon Advertising Find, attract, and engage customers	Amazon Drive Cloud storage from Amazon	6pm Score deals on fashion brands	AbeBooks Books, art & collectibles	ACX Audiobook Publishing Made Easy

Alexa Actionable Analytics for the Web	Sell on Amazon Start a Selling Account	Amazon Business Everything For Your Business	AmazonGlobal Ship Orders Internationally	Home Services Handpicked Pros Happiness Guarantee	Amazon Inspire Digital Educational Resources

Amazon Rapids Fun stories for kids on the go	Amazon Web Services Scalable Cloud Computing Services	Audible Listen to Books & Original Audio Performances	Book Depository Books With Free Delivery Worldwide	Box Office Mojo Find Movie Box Office Data	ComiXology Thousands of Digital Comics

CreateSpace Indie Print Publishing Made Easy	DPReview Digital Photography	East Dane Designer Men's Fashion	Fabric Sewing, Quilting & Knitting	Goodreads Book reviews & recommendations	IMDb Movies, TV & Celebrities

IMDbPro Get Info Entertainment Professionals Need	Kindle Direct Publishing Indie Digital Publishing Made Easy	Prime Video Direct Video Distribution Made Easy	Shopbop Designer Fashion Brands	Woot! Deals and Shenanigans	Zappos Shoes & Clothing

Ring Smart Home Security Systems	eero WiFi Stream 4K Video in Every Room	Neighbors App Real-Time Crime & Safety Alerts	Subscribe with Amazon Discover & try subscription services	PillPack Pharmacy Simplified	Amazon Second Chance Pass it on, trade it in, give it a second life

The Database Hacker's Handbook: Defending Database Servers 1st Edition

Editorial Reviews

From the Back Cover

About the Author

Product details

Related video shorts (0)

Be the first video

Customer reviews

Review this product

10 customer reviews

There was a problem filtering reviews right now. Please try again later.

The Database Hacker's Handbook: Defending Database Servers 1st Edition

Sorry, there was a problem.

Sorry, there was a problem.

Buy used On clicking this link, a new layer will be open $14.00 On clicking this link, a new layer will be open

Buy new On clicking this link, a new layer will be open $35.14 On clicking this link, a new layer will be open

Editorial Reviews

From the Back Cover

About the Author

Product details

Related video shorts (0)

Be the first video

Customer reviews

Review this product

10 customer reviews

There was a problem filtering reviews right now. Please try again later.

Buy used On clicking this link, a new layer will be open

$14.00 On clicking this link, a new layer will be open

Buy new On clicking this link, a new layer will be open

$35.14 On clicking this link, a new layer will be open