The Oracle Hacker's Handbook: Hacking and Defending Oracle Paperback – January 30, 2007

4.0 out of 5 stars 8 customer reviews

Editorial Reviews

From the Back Cover

Knowledge is power, and the power can be yours

While Oracle continues to improve the security features of its product, it still has a long way to go. David Litchfield has devoted years to relentlessly searching out the flaws in this ubiquitous database system and creating defenses against them. Now he offers you his complete arsenal to assess and defend your own Oracle systems.

Like The Shellcoder's Handbook and The Database Hacker's Handbook, this in-depth guide explores every technique and tool used by black hat hackers to invade and compromise Oracle. It shows you how to find the weak spots and defend them. Without that knowledge, you have little chance of keeping your databases truly secure.

  • Discover how to deal with the security flaws revealed in the Oracle RDBMS
  • Explore some never-before-published forays into Oracle security holes and learn to defend them from attack
  • Learn why independent security assessments are not necessarily a guarantee of safety
  • See how Oracle 10g Release 2 has improved its security features and where the flaws remain
  • Take advantage of extensive and valuable code downloads on the companion Web site at www.wiley.com/go/ohh

Visit our Web site at www.wiley.com/go/ohh

About the Author

DAVID LITCHFIELD is founder and chief research scientist of NGSSoftware Ltd., a UK-based security solutions provider. He has been recognized as the world's premier expert on Oracle database security, and is the designer of NGSSQuirreL, a powerful tool for identifying and assessing database vulnerability. David is a regular conference speaker and has lectured government agencies on security topics.

Product Details

  • Paperback: 190 pages
  • Publisher: Wiley; 1 edition (January 30, 2007)
  • Language: English
  • ISBN-10: 0470080221
  • ISBN-13: 978-0470080221
  • Product Dimensions: 7.4 x 0.5 x 9.3 inches
  • Shipping Weight: 10.4 ounces
  • Average Customer Review: 4.0 out of 5 stars (8 customer reviews)
  • Amazon Best Sellers Rank: #1,453,496 in Books

Customer Reviews

Top Customer Reviews

Format: Paperback
The Oracle Hacker's Handbook (OHH) is a collection of techniques that could be used by an attacker to gain unauthorised access to an Oracle database server up to and including 10gR2. Most of these techniques are currently not public, so OHH is both new knowledge for an attacker and a vital warning to those responsible for securing Oracle servers.

In a nutshell, the new attacks include how to gain the version number remotely, brute force usernames, gain passwords/hashes from the OS, attack the listener, escalate privilege internally through PLSQL Packages and Triggers both directly and indirectly, as well as defeating VPD. These attacks are illustrated both directly and through an application server. By using these techniques and by accessing the Oracle files directly through the OS, an attacker would be able to gain DBA privileges on most secured servers. Additionally, using the code examples included, an attacker could gain password hashes and then the actual DBA clear text password from the network using the password decryption code included. This will work even with complex quoted passwords.

This is the most effective public analysis of security vulnerabilities in Oracle products so far.

OHH is a technical book and not really an introduction to the subject though it could be picked up reasonably quickly as the text avoids unnecessary jargon.

The book could be enhanced by including more on defense strategies, such as, how to prepare and respond to an attack where the attacker has gained the clear text DBA password.

OHH has a free download site for pre-written proof of concept code, which will help avoid unnecessary typing. From a general readability point of view the book is concise and to the point. The sections are logically laid out and the examples have worked when tested. I would recommend those involved in Oracle security to read this book as soon as they can.
Format: Paperback
When I started with this book I was both amazed and afraid. With this book, all those tricks of SQL injection in Oracle have started to become public knowledge. So this book is like a knife... you can cut the bread or you can kill with it. :) But let's be honest. It is always better to know, especially when you are a DBA, because you are always far behind the attackers, who probably spend their lifetime browsing the code for security flaws. For that reason everyone who is responsible for practical Oracle security should read this book and learn how to defend. I believe that this book will grow in the future and will provide more and more examples. That is the game we use to play. New releases, new bugs, new flaws, new workarounds and finally some vendor final fixes. That is how the Oracle security process cycle should work. It is worth mentioning that in terms of quality, David Litchfield has started a completely new period in the cycle.
Format: Paperback
I've been doing some Oracle research and of course this is the only book on the market that really covers breaking into Oracle with the exception of The Database Hacker's Handbook which came out in 2005. Justin Clark's (and others) SQL Injection Book published in 2009 also covers some Oracle material but not enough to make this book obsolete.

I bought this book immediately when it came out in 2007 (yeah I'm super late on the review) but frankly put it down because it was confusing and definitely not suited for anyone that didn't already have a basic exposure to Oracle. I picked it up again in late 2008 after doing the background research on Oracle security and administration. Armed with a better understanding of Oracle in general I attacked the book again, focusing on SQL Injection in the Oracle PL/SQL packages with the goal of going from locating an open TNS listener to getting a shell on the system.

The author is well known in the security industry and one of only a handful of Oracle Security "experts", so the skill level was definitely there.

Breakdown of the Chapters:
Introduction.
Chapter 1 Overview of the Oracle RDBMS.
Chapter 2 The Oracle Network Architecture.
Chapter 3 Attacking the TNS Listener and Dispatchers.
Chapter 4 Attacking the Authentication Process.
Chapter 5 Oracle and PL/SQL.
Chapter 6 Triggers.
Chapter 7 Indirect Privilege Escalation.
Chapter 8 Defeating Virtual Private Databases.
Chapter 9 Attacking Oracle PL/SQL Web Applications.
Chapter 10 Running Operating System Commands.
Chapter 11 Accessing the File System.
Chapter 12 Accessing the Network.
Appendix A Default Usernames and Passwords.
Format: Paperback Verified Purchase
After reading it I thought, "...well, what were you expecting, the keys to the house of Larry Ellison also?" It has interesting information for a non-hacker like me, but many of the security problems are in the Oracle source code, and therefore there is not much I can do about it. Yes, now I know what not to do in the new code I program. You have to be a programmer to make sense of the code listings and have seen things like sniffer dumps before. The language used by the author is clear for me.

Hope this helps