SQL Injection Attacks and Defense
Second Edition
Justin Clarke
Table of Contents
Cover image
Title page
Copyright
Acknowledgements
Dedication
Contributing Authors
Lead Author and Technical
Introduction to the 2nd Edition
Chapter 1. What Is SQL Injection?
Introduction
Understanding How Web Applications Work
Understanding SQL Injection
Understanding How It Happens
Summary
Solutions Fast Track
Chapter 2. Testing for SQL Injection
Introduction
Finding SQL Injection
Confirming SQL Injection
Automating SQL Injection Discovery
Summary
Solutions Fast Track
Chapter 3. Reviewing Code for SQL Injection
Introduction
Reviewing source code for SQL injection
Automated source code review
Summary
Solutions fast track
Chapter 4. Exploiting SQL injection
Introduction
Understanding common exploit techniques
Identifying the database
Extracting data through UNION statements
Using conditional statements
Enumerating the database schema
Injecting into “INSERT” queries
Escalating privileges
Stealing the password hashes
Out-of-band communication
SQL injection on mobile devices
Automating SQL injection exploitation
Summary
Solutions Fast Track
Chapter 5. Blind SQL Injection Exploitation
Introduction
Finding and confirming blind SQL injection
Using time-based techniques
Using Response-Based Techniques
Using Alternative Channels
Automating blind SQL injection exploitation
Summary
Solutions fast track
Chapter 6. Exploiting the operating system
Introduction
Accessing the file system
Executing operating system commands
Consolidating access
Summary
Solutions fast track
References
Chapter 7. Advanced topics
Introduction
Evading input filters
Exploiting second-order SQL injection
Exploiting client-side SQL injection
Using hybrid attacks
Summary
Solutions fast track
Chapter 8. Code-level defenses
Introduction
Domain Driven Security
Using parameterized statements
Validating input
Encoding output
Canonicalization
Design Techniques to Avoid the Dangers of SQL Injection
Summary
Solutions fast track
Chapter 9. Platform level defenses
Introduction