

SQL Injection Attacks and Defense, First Edition: Winner of the Best Book Bejtlich Read Award

"SQL injection is probably the number one problem for any server-side application, and this book is unequaled in its coverage." –Richard Bejtlich, Tao Security blog

SQL injection represents one of the most dangerous and well-known, yet misunderstood, security vulnerabilities on the Internet, largely because there is no central repository of information available for penetration testers, IT security consultants and practitioners, and web/software developers to turn to for help.

SQL Injection Attacks and Defense, Second Edition is the only book devoted exclusively to this long-established but recently growing threat. This is the definitive resource for understanding, finding, exploiting, and defending against this increasingly popular and particularly destructive type of Internet-based attack.

SQL Injection Attacks and Defense, Second Edition includes all the currently known information about these attacks and significant insight from its team of SQL injection experts, who tell you about:

- Understanding SQL Injection – Understand what it is and how it works
- Find, confirm and automate SQL injection discovery
- Tips and tricks for finding SQL injection within code
- Create exploits for using SQL injection
- Design apps to avoid the dangers of these attacks
- SQL injection on different databases
- SQL injection on different technologies
- SQL injection testing techniques
- Case Studies

Securing SQL Server, Second Edition is the only book to provide a complete understanding of SQL injection, from the basics of vulnerability to discovery, exploitation, prevention, and mitigation measures.

Covers unique, publicly unavailable information, by technical experts in such areas as Oracle, Microsoft SQL Server, and MySQL, including new developments for Microsoft SQL Server 2012 (Denali).
Written by an established expert, author, and speaker in the field, with contributions from a team of equally renowned creators of SQL injection tools, applications, and educational materials.
| Best Sellers Rank | #2,378,897 in Books; #295 in SQL; #602 in Management Information Systems; #1,109 in Database Storage & Design |
| Customer Reviews | 4.4 out of 5 stars 32 Reviews |
C**A
Excellent book on SQL injections!
Before I purchased this book, I thought I was pretty damn 1337 with the sequel. How wrong I was! This book is awesome! Any security researcher, web developer, pen tester, or student should read this! Anybody interested in databases should read this! It has tons of code examples in it - MySQL, Oracle SQL, SQL Server, PostgreSQL, Java, C#, and PHP! This book covers all sorts of SQL injections. It covers everything from finding the SQL injection to exploiting the database server. Very well written book and easy to understand. You should have some knowledge of programming, especially knowledge of SQL if you want to read this book. You should know at least one programming language in addition to knowing some basic SQL. Ideally, you will know either PHP, Java, or C#. This is not an intro to sql or intro to programming book. This is not a book on hacking or penetration testing. This is a book on SQL injections and it covers just about anything you can imagine. SQL injections in stored procedures? Yep. SQL injections to gather more information about the database schema? Yep. SQL injections aimed at accessing the server? Yep! As I've said, and I repeat, THIS BOOK IS AWESOME! If you've got any interest at all in hacking web applications, you need to master SQL and SQL injections!
W**D
Everything you need to know about SQL Injection
Before I purchased this book, I knew just a little bit about SQL Injection. I knew it existed and I knew a few of the most common techniques. Now I have a very thorough understanding. "SQL Injection Attacks and Defense" is well organized and extremely informative. There are so many technical books out there that are full of fluff. This isn't one of them. SQL Injection Attacks and Defense contains all quality content. I learned a lot about SQL, not enough to make a career out of it but enough to understand the attacks, why they work, and how to prevent them. This is a great resource for penetration testers, recreational hackers, and security professionals. I highly recommend it.
J**N
This is the second time ever I gave a book 5 stars. It definitely deserves it!
This is definitely a book to get if you want to learn SQLi from the ground up. Many other IT security related books devote a chapter to SQLi that feels rushed or doesn't fully explain the "in/out's" of SQLi. This book starts with the premise that the reader is completely new to the concept of SQLi. The author easily explains the concept, how to detect it, and how to prevent it in a way that is easy to understand. If you ever heard of the "Crawl, Walk, Run" approach, this book beautifully illustrates it. What I love best is that it gives you easy to follow examples without being wordy or verbose. It isn't a book that will melt your brain with boring material, in fact, it is actually quite fun to read and follow along. Like any book that is fun to follow you will have an easier time remembering the material. The book is split into four sections - understanding SQL injection (Chapter 1), finding SQL injection (Chapters 2 and 3), exploiting SQL injection (Chapters 4-7), and defending against SQL injection (Chapters 8-10). This book will definitely appeal to all audiences interested in the subject from the pro penetration tester, to the novice, IT security student new to the subject, or a database admin that just wants to write more securely. So if you are debating to find a book about SQLi, look no further and pick this book up.
C**2
Great Book
Great book so far, great explanations and useful stuff
A**W
Excellent Book
This book is a great resource for lots of types of people: penetration testers, DB admins, code writers, sysadmins, and others. For pentesters, it has all the tools and manual techniques one needs to confirm or deny the presence of SQL injection for a client. Once confirmed, this book also tells one how to exploit it to gain further access into a network. As a greater bonus, and one I think sets this book apart from others, is that the end of the book includes multiple ways to recommend to a client on how to fix the SQL injection, from better code to network-level appliances (or both!). For others, certain parts of the book may be of more interest than some, but this is still a great book that delivers on depth and breadth. I appreciated that the authors were obviously very knowledgeable about the subject, even going as far as to provide references on how to do SQLi for less-known platforms.
K**N
Valuable material!
I read both editions of this book and found the content to be valuable because it was applicable to current technologies. The level of detail provided by the authors was impressive and I recommend it to anyone wanting to gain more experience with SQL injection.
A**A
Perfect!
The book arrived in excellent condition, as described. Fast, punctual delivery, in line with the courier's delivery estimate! Thank you!
A**5
Concentrated knowledge in a very good book
I had previously looked at this book in an online library and afterwards simply had to buy it in print. I came across this book in the course of an academic seminar paper on SQL injection. Everything you should know really is in this book, from the interaction between web applications and databases, through attack methods, to defense mechanisms. While reading, you quickly notice that the authors really are highly qualified experts in their respective topics, even if the technical English is sometimes hard to read. In my opinion, this book belongs on the bookshelf of every IT security expert, since you really can look up everything. Really, really good.
S**E
Good
Lots of relevant information.
C**N
Excellent book
Very explicit, good examples. It is important to know how this type of attack is carried out in order to counter it and minimize possible vulnerabilities.