SQL Injection Attacks and Defense

Front Cover
Syngress, May 5, 2009 - Computers - 496 pages

Winner of the Best Book Bejtlich Read in 2009 award!

"SQL injection is probably the number one problem for any server-side application, and this book is unequaled in its coverage." Richard Bejtlich, http://taosecurity.blogspot.com/

SQL injection represents one of the most dangerous and well-known, yet misunderstood, security vulnerabilities on the Internet, largely because there is no central repository of information to turn to for help. This is the only book devoted exclusively to this long-established but recently growing threat. It includes all the currently known information about these attacks and significant insight from its contributing team of SQL injection experts.

  • What is SQL injection?-Understand what it is and how it works
  • Find, confirm, and automate SQL injection discovery
  • Discover tips and tricks for finding SQL injection within the code
  • Create exploits using SQL injection
  • Design to avoid the dangers of these attacks
 

What people are saying - Write a review

We haven't found any reviews in the usual places.

Contents

What Is SQL Injection?
1
Reviewing Code for SQL Injection
95
Exploiting SQL Injection
137
Blind SQL Injection Exploitation
219
Exploiting the Operating System
271
Advanced Topics
317
CodeLevel Defenses
341
PlatformLevel Defenses
377
References
415
Index
459
Copyright

Other editions - View all

Common terms and phrases

About the author (2009)

Justin Clarke (CISSP, CISM, CISA, MCSE, CEH) is a cofounder and executive director of Gotham Digital Science, based in the United Kingdom. He has over ten years of experience in testing the security of networks, web applications, and wireless networks for large financial, retail, and technology clients in the United States, the United Kingdom and New Zealand.

Bibliographic information