SQL Injection Strategies: Practical techniques to secure old vulnerabilities against modern attacks
Learn to exploit vulnerable database applications using SQL injection tools and techniques, while understanding how to effectively prevent attacks.

Key Features:
- Understand SQL injection and its effects on websites and other systems
- Get hands-on with SQL injection using both manual and automated t...
| Main Authors: | , , |
|---|---|
| Format: | eBook |
| Language: | English |
| Published: | Birmingham: Packt Publishing, 2020 |
| Edition: | 1 |
| Subjects: | |
| ISBN: | 9781839217135, 1839217138, 183921564X, 9781839215643 |
Table of Contents:
- Cover -- Title Page -- Copyright and Credits -- Dedication -- About Packt -- Contributors -- Table of Contents -- Preface
- Section 1: (No)SQL Injection in Theory
- Chapter 1: Structured Query Language for SQL Injection -- Technical requirements -- An overview of SQL - a relational query language -- Database management systems and relational databases -- SQL - Structured Query Language -- The syntax and logic of SQL -- Security implications of SQL -- Weaknesses in the use of SQL -- SQL for SQL injection - a recap -- Summary -- Questions
- Chapter 2: Manipulating SQL - Exploiting SQL Injection -- Technical requirements -- Exploitable SQL commands and syntax -- SQL injection-enabling characters -- SQL statement construction -- Common SQL injection commands and manipulation -- Information gathering and schema extraction - UNION queries -- Dumping the database -- Escalating privileges and gaining access -- Blind SQL injection -- Not only SQL injection - non-relational repositories -- The injection vulnerability in non-relational repositories -- Wrapping up - (No-)SQL injection in theory -- Summary -- Questions
- Section 2: SQL Injection in Practice
- Chapter 3: Setting Up the Environment -- Technical requirements -- Understanding the practical approach and introducing the main tools -- Virtualization software -- Kali Linux -- Overview of the OWASP BWA project -- The attacker - configuring your client machine -- Creating a new client VM -- The target - configuring your target web applications -- Creating the OWASP BWA VM -- The target - configuring your target-emulated devices -- Operating the lab -- Setting up the OWASP BWA lab -- Setting up an Android Virtual Device -- Summary -- Questions
- Chapter 4: Attacking Web, Mobile, and IoT Applications -- Technical requirements -- Attacking traditional web applications - manual techniques -- Attacking Mutillidae II -- The Magical Code Injection Rainbow -- Attacking Peruggia -- Attacking traditional web applications - automated techniques -- OWASP ZAP for SQL injection -- Automated SQL injection attacks using sqlmap -- Attacking mobile targets -- Attacking IoT targets -- Summary -- Questions -- Further reading
- Chapter 5: Preventing SQL Injection with Defensive Solutions -- Technical requirements -- Understanding general weaknesses and SQL injection enablers -- Treating user input -- Sanitization and input control -- Defending against SQL injection - code-level defenses -- Input validation -- Parametrized queries -- Character encoding and escaping -- Secure coding practices -- Defending against SQL injection - platform-level defenses -- Application-level firewall logic -- Database server security mechanisms -- Other security measures -- Summary -- Questions
- Chapter 6: Putting It All Together -- SQL injection - theory in perspective -- SQL injection in general -- SQL injection attack techniques -- SQL injection and other security flaws -- SQL injection - practice in perspective -- Attacking using SQL injection -- Defending against SQL injection -- Managing vulnerabilities and security flaws -- SQL injection and security implications - final comments -- SQL injection in today's world -- Beyond SQL injection -- Summary -- Questions
- Assessments -- Chapter 1 -- Chapter 2 -- Chapter 3 -- Chapter 4 -- Chapter 5 -- Chapter 6
- Other Books You May Enjoy -- Leave a review - let other readers know what you think -- Index

