Enjoy fast, FREE delivery, exclusive deals and award-winning movies & TV shows with Prime
Try Prime and start saving today with Fast, FREE Delivery

FREE Returns

FREE delivery Monday, November 13

Select delivery location

Only 2 left in stock (more on the way).

$$59.95 () Includes selected options. Includes initial monthly payment and selected options. Details

Payment

Secure transaction

Payment

Secure transaction

We work hard to protect your security and privacy. Our payment security system encrypts your information during transmission. We don’t share your credit card details with third-party sellers, and we don’t sell your information to others. Learn more

Ships from

Amazon.com

Ships from

Amazon.com

Sold by

Amazon.com

Sold by

Amazon.com

Returns

Returnable until Jan 31, 2024

Returns

Returnable until Jan 31, 2024

For the 2023 holiday season, eligible items purchased between November 1 and December 31, 2023 can be returned until January 31, 2024

Read full return policy

Details

Add a gift receipt for easy returns

$3.99 delivery November 10 - 16. Details

Or fastest delivery November 8 - 13. Details

Select delivery location

Used: Very Good | Details

Sold by HPB-Red

Access codes and supplements are not guaranteed with used items.

Have one to sell?

Sell on Amazon

Image Unavailable

Image not available for
Color:

To view this video download Flash Player

Follow the author

Justin Clarke

SQL Injection Attacks and Defense 2nd Edition

by Justin Clarke-Salt (Author)

4.3 33 ratings

See all formats and editions

Price

New from

Used from

Kindle

"Please retry"

$44.99

—

Paperback, Illustrated

"Please retry"

$59.95

$55.31

$31.65

Kindle
$44.99 Read with our free app
Paperback
$31.65 - $59.95

12 Used from $31.65 11 New from $55.31

{"desktop_buybox_group_1":[{"displayPrice":"$59.95","priceAmount":59.95,"currencySymbol":"$","integerValue":"59","decimalSeparator":".","fractionalValue":"95","symbolPosition":"left","hasSpace":false,"showFractionalPartIfEmpty":true,"offerListingId":"6Hbbr3AvBUzJLsxO7kCom98HbvWuQYGyIozNC92YTBai2NPjaM4SAuJIqg0d7IJBeHCPnXFsidgRfre%2FhopFxT0OmJkfwIR%2BbqxPhrb3WsNP8zZgkpZGSZLHEGYgGt2S6n2hIFqagQWea%2FWnQBQ8Vg%3D%3D","locale":"en-US","buyingOptionType":"NEW","aapiBuyingOptionIndex":0}, {"displayPrice":"$31.65","priceAmount":31.65,"currencySymbol":"$","integerValue":"31","decimalSeparator":".","fractionalValue":"65","symbolPosition":"left","hasSpace":false,"showFractionalPartIfEmpty":true,"offerListingId":"6Hbbr3AvBUzJLsxO7kCom98HbvWuQYGy4wll9M4ba0YaZ94NXbR6i5iN9xhohDtZxSle09V5BjxRblQdN%2BzVT6BlRuiAaJ4ZRnQcZyX7Xg2EZmkc4xxrOLPKM%2BSxbpsi38Mz6ZL54e5TS0DTO99esbvM19HqEb9rTT7wH6hmaEWDX1uRac6LOnUVfhWbBvcx","locale":"en-US","buyingOptionType":"USED","aapiBuyingOptionIndex":1}]}

Purchase options and add-ons

SQL Injection Attacks and Defense, First Edition: Winner of the Best Book Bejtlich Read Award

"SQL injection is probably the number one problem for any server-side application, and this book unequaled in its coverage." –Richard Bejtlich, Tao Security blog

SQL injection represents one of the most dangerous and well-known, yet misunderstood, security vulnerabilities on the Internet, largely because there is no central repository of information available for penetration testers, IT security consultants and practitioners, and web/software developers to turn to for help.

SQL Injection Attacks and Defense, Second Edition is the only book devoted exclusively to this long-established but recently growing threat. This is the definitive resource for understanding, finding, exploiting, and defending against this increasingly popular and particularly destructive type of Internet-based attack.

SQL Injection Attacks and Defense, Second Edition includes all the currently known information about these attacks and significant insight from its team of SQL injection experts, who tell you about:

Understanding SQL Injection – Understand what it is and how it works
Find, confirm and automate SQL injection discovery
Tips and tricks for finding SQL injection within code
Create exploits for using SQL injection
Design apps to avoid the dangers these attacks
SQL injection on different databases
SQL injection on different technologies
SQL injection testing techniques
Case Studies

Securing SQL Server, Second Edition is the only book to provide a complete understanding of SQL injection, from the basics of vulnerability to discovery, exploitation, prevention, and mitigation measures
Covers unique, publicly unavailable information, by technical experts in such areas as Oracle, Microsoft SQL Server, and MySQL---including new developments for Microsoft SQL Server 2012 (Denali)
Written by an established expert, author, and speaker in the field, with contributions from a team of equally renowned creators of SQL injection tools, applications, and educational materials

ISBN-10

1597499633
ISBN-13

978-1597499637
Edition

2nd
Publisher

Syngress
Publication date

July 2, 2012
Language

English
Dimensions

7.4 x 1.5 x 9.1 inches
Print length

576 pages
See all details

Frequently bought together

$59.95

Get it as soon as Monday, Nov 13

Only 2 left in stock (more on the way).

Ships from and sold by Amazon.com.

+

$26.57

Get it as soon as Wednesday, Nov 8

In Stock

Ships from and sold by Amazon.com.

Total price:

To see our price, add these items to your cart.

Try again!

Details

Added to Cart

One of these items ships sooner than the other.

Show details Hide details

Choose items to buy together.

Dafydd Stuttard
975
Paperback
69 offers from $14.99

Editorial Reviews

Review

"Lead author and technical editor Clarke has organized the volume's 11 chapters into sections on understanding, finding, exploiting, and defending SQL injection, and has also included reference materials that provide information on database platforms not covered in detail in the main body of the text." --Reference and Research Book News, August 2013

"The most stunningly impactful attacks often leverage SQL Injection vulnerabilities. This book has everything you need to fight back, from applying the core fundamentals to protecting emerging technologies against such attacks. Keep it by your bedside and distribute it within your business." --Nitesh Dhanjani, Executive Director at Ernst & Young LLP

"Securing SQL Server - Protecting Your Database from Attackers and SQL Injection Attacks and Defense are two new books out on SQL security. The first, Securing SQL Server - Protecting Your Database from Attackers, author Denny Cherry takes a high-level approach to the topic. The book explains how to secure and protect a SQL database from attack. The book details how to configure SQL against both internal and external-based attacks. This updated edition includes new chapters on analysis services, reporting services, and storage area network security. For anyone new to SQL security, Cherry does a great job of explaining what needs to be done in this valuable guide. In and SQL Injection Attacks and Defense, editor Justin Clarke enlists the help of a set of experts on how to deal with SQL injection attacks. Since SQL is so ubiquitous on corporate networks, with sites often running hundreds of SQL servers; SQL is prone to attacks. SQL injection is a technique often used to attack databases through a website and is often done by including portions of SQL statements in a web form entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database. SQL injection is a code injection technique that exploits security vulnerability in a website's software. The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. With that, the need to defend servers against such attacks is an imperative and SQL Injection Attacks and Defense should be required reading for anyone tasks with securing SQL servers." --RSA Conference

Review

The definitive resource and only book for understanding, finding, exploiting, and defending against the growing threat and damage of SQL injection attacks!

Product details

Publisher ‏ : ‎ Syngress; 2nd edition (July 2, 2012)
Language ‏ : ‎ English
Paperback ‏ : ‎ 576 pages
ISBN-10 ‏ : ‎ 1597499633
ISBN-13 ‏ : ‎ 978-1597499637
Item Weight ‏ : ‎ 2.51 pounds
Dimensions ‏ : ‎ 7.4 x 1.5 x 9.1 inches

Best Sellers Rank: #1,140,111 in Books (See Top 100 in Books)
- #211 in Library Management
- #220 in SQL
- #1,853 in Internet & Telecommunications

Customer Reviews:
4.3 33 ratings

Brief content visible, double tap to read full content.

Full content visible, double tap to read brief content.

Videos

Help others learn more about this product by uploading a video!

Upload your video

Important information

To report an issue with this product, click here.

About the author

Follow authors to get new release updates, plus improved recommendations.

Justin Clarke

Brief content visible, double tap to read full content.

Full content visible, double tap to read brief content.

Justin Clarke is a co-founder and Director at Gotham Digital Science, based in the United Kingdom. He has over twelve years of experience in assessing the security of networks, web applications, and wireless networks for large financial, retail, technology and government clients in the United States, the United Kingdom and New Zealand.

Justin is the the technical editor and lead author of “SQL Injection Attacks and Defense” (Syngress 2009), co-author of "Network Security Tools: Writing, Hacking, and Modifying Security Tools" (O’Reilly 2005), a contributing author to "Network Security Assessment: Know Your Network, 2nd Edition" (O’Reilly 2007), as well as a speaker at a number of conferences and events on security topics, including Black Hat USA, EuSecWest, OSCON, ISACA, RSA, SANS, OWASP, and the British Computer Society. He is the author of the open source SQLBrute blind SQL injection testing tool, and is the Chapter Leader for the London chapter of OWASP.

Customer reviews

4.3 out of 5

33 global ratings

3 star

0%

How customer reviews and ratings work

Sort reviews by

Top reviews from the United States

There was a problem filtering reviews right now. Please try again later.

Jason

This is the second time ever I gave a book 5 stars. It definitely deserves it!

Reviewed in the United States on April 17, 2014

Verified Purchase

This is definitely a book to get if you want to learn SQLi from the ground up. Many other IT security related books devote a chapter to SQLi that feels rushed or doesn't fully explain the "in/out's" of SQLi. This books starts with the premise that the reader is completely new to the concept of SQLi. The author easily explains the concept, how to detect it, and how to prevent it in a way that is easy to understand. If you ever heard of the "Crawl, Walk, Run" approach, this book beautifully illustrates it. What I love best is that it gives you easy to follow examples without being wordy or verbose. It isn't a book that will melt your brain with boring material, in fact, it is actually quite fun to read and follow along. Like any book that is fun to follow you will have an easier time remembering the material. The book is split into four sections - undestanding SQL injection (Chapter 1), finding SQL injection (Chapters 2 and 3), exploiting SQL injection (Chapters 4-7), and defending against SQL injection (Chapters 8-10).

This book will definitely appeal to all audiences interested in the subject from the pro penetration tester, to the novice, IT security student new to the subject, or a database admin that just wants to write more securely.

So if you are debating to find a book about SQLi, look no further and pick this book up.

4 people found this helpful

Helpful

Charles A

Excellent book on SQL injections!

Reviewed in the United States on August 19, 2013

Verified Purchase

Before I purchased this book, I thought I was pretty damn 1337 with the sequel. How wrong I was!

This book is awesome! Any security researcher, web developer, pen tester, or student should read this! Anybody interested in databases should read this! It has tons of code examples in it - MySQL, Oracle SQL, SQL Server, PostgreSQL, Java, C#, and PHP!

This book covers all sorts of SQL injections. It covers everything from finding the SQL injection to exploiting the database server. Very well written book and easy to understand. You should have some knowledge of programming, especially knowledge of SQL if you want to read this book. You should know at least one programming language in addition to knowing some basic SQL. Ideally, you will know either PHP, Java, or C#. This is not an intro to sql or intro to programming book. This is not a book on hacking or penetration testing. This is a book on SQL injections and it covers just about anything you can imagine.

SQL injections in stored procedures? Yep. SQL injections to gather more information about the database schema? Yep. SQL injections aimed at accessing the server? Yep!

As I've said, and I repeat, THIS BOOK IS AWESOME! If you've got any interest at all in hacking web applications, you need to master SQL and SQL injections!

2 people found this helpful

Helpful

Word Nerd

Everything you need to know about SQL Injection

Reviewed in the United States on June 1, 2013

Verified Purchase

Before I purchased this book, I knew just a little bit about SQL Injection. I knew it existed and I knew a few of the most common techniques. Now I have a very thorough understanding. "SQL Injection Attacks and Defense" is well organized and extremely informative. There are so many technical books out there that are full of fluff. This isn't one of them. SQL Injection Attacks and Defense contains all quality content. I learned a lot about SQL, not enough to make a career out of it but enough to understand the attacks, why they work, and how to prevent them.

This is a great resource for penetration testers, recreational hackers, and security professionals. I highly recommend it.

One person found this helpful

Helpful

Elvir Nuhanovic

Great Book

Reviewed in the United States on February 25, 2015

Verified Purchase

Great book so far, great explanatios and usefull stuff

Reviewed in the United States on December 24, 2012

This book is a great resource for lots of types of people: penetration testers, DB admins, code writers, sysadmins, and others.

For pentesters, it has all the tools and manual techniques one needs to confirm or deny the presence of SQL injection for a client. Once confirmed, this book also tells one how to exploit it to gain further access into a network. As a greater bonus, and one I think sets this book apart from others, is that the end of the book includes multiple ways to recommend to a client on how to fix the SQL injection, from better code to network-level appliances (or both!).

For others, certain parts of the book may be of more interest than some, but this is still a great book that delivers on depth and breadth. I appreciated that the authors were obviously very knowledgeable about the subject, even going as far as to provide references on how to do SQLi for less-known platforms.

4 people found this helpful

Helpful

Kyle Ellison

Valuable material!

Reviewed in the United States on June 12, 2014

I read both editions of this book and found the content to be valuable because it was applicable to current technologies. The level of detail provided by the authors was impressive and I recommend it to anyone wanting to gain more experience with SQL injection.

Helpful

Top reviews from other countries

Translate all reviews to English

Christoph Lünswilken

Geballtes Wissen in einem sehr guten Buch

Reviewed in Germany on January 12, 2015

Verified Purchase

Ich hatte mir dieses Buch zuvor in einer Onlinebibliothek angeschaut und musste mir es danach einfach in Druckvariante kaufen. Gestoßen bin ich auf dieses Buches im Rahmen einer wissenschaftlichen Seminararbeit über SQL-Injection. Es steht wirklich alles was man wissen sollte in diesem Buch, von der Zusammenarbeit zwischen Webappliaktionen und Datenbanken über Angriffsmethoden bis hin zu Verteidigiungsmechanismen. Man merkt beim Lesen schnell, dass die Autoren wirklich hochqualifizierte Referenten in den jeweiligen Themen sind, auch wenn das Fachenglisch manchmal schwer zu lesen ist.
Meiner Meinung nach gehört dieses Buch in jedes Bücherregal eines IT-Sicherheitsexperten, da man wirklich alles nachschlagen kann. Wirklich, Wirklich gut.

4 people found this helpful

Translate review to English

Cliente de Amazon

Excelente libro

Reviewed in Mexico on February 20, 2017

Verified Purchase

Muy explicito buenos ejemplos es importante saber como se realiza este tipo de ataques para poder contrarestarlos y poder minimizar la posibles vulnerabilidades

Translate review to English

Steve

Good

Reviewed in the United Kingdom on July 6, 2019

Verified Purchase

Lots of relevant information.

Annalinda

Perfetto!

Reviewed in Italy on September 28, 2014

Verified Purchase

Libro arrivato in ottime condizioni come da descrizione. Consegna celere e puntuale con la stima di consegna del corriere! Grazie!

Translate review to English

See more reviews

Image Unavailable

Follow the author