SQL Injection Attacks and Defense.
Title:
SQL Injection Attacks and Defense.
Author:
Clarke-Salt, Justin.
ISBN:
9781597499736
Edition:
2nd ed.
Physical Description:
1 online resource (576 pages)
Contents:
SQL Injection Attacks and Defense -- Copyright -- Acknowledgements -- Dedication -- Contributing Authors -- Lead Author and Technical Editor -- Table of Contents -- Introduction to the 2nd Edition -- 1 What Is SQL Injection? -- Introduction -- Understanding How Web Applications Work -- A Simple Application Architecture -- A More Complex Architecture -- Understanding SQL Injection -- High-Profile Examples -- Understanding How It Happens -- Dynamic String Building -- Incorrectly Handled Escape Characters -- Incorrectly Handled Types -- Incorrectly Handled Query Assembly -- Incorrectly Handled Errors -- Incorrectly Handled Multiple Submissions -- Insecure Database Configuration -- Summary -- Solutions Fast Track -- Understanding How Web Applications Work -- Understanding SQL Injection -- Understanding How It Happens -- Frequently Asked Questions -- 2 Testing for SQL Injection -- Introduction -- Finding SQL Injection -- Testing by Inference -- Identifying Data Entry -- GET Requests -- POST Requests -- Other Injectable Data -- Manipulating Parameters -- Information Workflow -- Database Errors -- Commonly Displayed SQL Errors -- Microsoft SQL Server Errors -- MySQL Errors -- Oracle Errors -- PostgreSQL Errors -- Application Response -- Generic Errors -- HTTP Code Errors -- Different Response Sizes -- Blind Injection Detection -- Confirming SQL Injection -- Differentiating Numbers and Strings -- Inline SQL Injection -- Injecting Strings Inline -- Injecting Numeric Values Inline -- Terminating SQL Injection -- Database Comment Syntax -- Using Comments -- Executing Multiple Statements -- Time Delays -- Automating SQL Injection Discovery -- Tools for Automatically Finding SQL Injection -- HP WebInspect -- IBM Rational AppScan -- HP Scrawlr -- SQLiX -- Paros Proxy/Zed Attack Proxy -- Summary -- Solutions Fast Track -- Finding SQL Injection.

Confirming SQL Injection -- Automating SQL Injection Discovery -- Frequently Asked Questions -- 3 Reviewing Code for SQL Injection -- Introduction -- Reviewing Source Code for SQL Injection -- Dangerous Coding Behaviors -- Dangerous Functions -- Following the Data -- Following Data in PHP -- Following Data in Java -- Following Data in C# -- Reviewing Android Application Code -- Reviewing PL/SQL and T-SQL Code -- Automated Source Code Review -- Graudit -- Yet Another Source Code Analyzer (YASCA) -- Pixy -- AppCodeScan -- OWASP LAPSE+ Project -- Microsoft Source Code Analyzer for SQL Injection -- Microsoft Code Analysis Tool .NET (CAT.NET) -- RIPS-A Static Source Code Analyzer for Vulnerabilities in PHP Scripts -- CodePro AnalytiX -- Teachable Static Analysis Workbench -- Commercial Source Code Review Tools -- Fortify Source Code Analyzer -- Rational AppScan Source Edition -- CodeSecure -- Klocwork Solo -- Summary -- Solutions fast track -- Reviewing Source Code for SQL Injection -- Automated Source Code Review -- Frequently Asked Questions -- 4 Exploiting SQL Injection -- Introduction -- Understanding Common Exploit Techniques -- Using Stacked Queries -- Exploiting Oracle from Web Applications -- Identifying the Database -- Non-Blind Fingerprint -- Banner Grabbing -- Blind Fingerprint -- Extracting Data through UNION Statements -- Matching Columns -- Matching Data Types -- Using Conditional Statements -- Approach 1: Time-Based -- Approach 2: Error-Based -- Approach 3: Content-Based -- Working with Strings -- Extending the Attack -- Using Errors for SQL Injection -- Error Messages in Oracle -- Enumerating the Database Schema -- SQL Server -- MySQL -- PostgreSQL -- Oracle -- Injecting into "INSERT" Queries -- First Scenario: Inserting User Determined Data -- Second Scenario: Generating INSERT Errors -- Other Scenarios -- Escalating Privileges.

SQL Server -- Privilege Escalation on Unpatched Servers -- Oracle -- SYS.LT -- SYS.DBMS_CDC_PUBLISH -- Getting Past the CREATE PROCEDURE Privilege -- Cursor Injection -- SYS.KUPPPROC -- Weak Permissions -- Stealing the Password Hashes -- SQL Server -- MySQL -- PostgreSQL -- Oracle -- Oracle Components -- APEX -- Oracle Internet Directory -- Out-of-Band Communication -- E-mail -- Microsoft SQL Server -- Oracle -- HTTP/DNS -- File System -- SQL Server -- MySQL -- Oracle -- SQL Injection on Mobile Devices -- Automating SQL Injection Exploitation -- sqlmap -- Bobcat -- BSQL -- Other Tools -- Summary -- Solutions Fast Track -- Understanding Common Exploit Techniques -- Identifying the Database -- Extracting Data Through UNION Statements -- Using Conditional Statements -- Enumerating the Database Schema -- Injecting into INSERT Queries -- Escalating Privileges -- Stealing the Password Hashes -- Out-of-Band Communication -- SQL Injection on Mobile Devices -- Automating SQL Injection Exploitation -- Frequently Asked Questions -- 5 Blind SQL Injection Exploitation -- Introduction -- Finding and Confirming Blind SQL Injection -- Forcing Generic Errors -- Injecting Queries with Side Effects -- Splitting and Balancing -- Common Blind SQL Injection Scenarios -- Blind SQL Injection Techniques -- Inference Techniques -- Increasing the Complexity of Inference Techniques -- Alternative Channel Techniques -- Using Time-Based Techniques -- Delaying Database Queries -- MySQL Delays -- Generic MySQL Binary Search Inference Exploits -- Generic MySQL Bit-by-Bit Inference Exploits -- PostgreSQL Delays -- Generic PostgreSQL Binary Search Inference Exploits -- Generic PostgreSQL Bit-by-Bit Inference Exploits -- SQL Server Delays -- Generic SQL Server Binary Search Inference Exploits -- Generic SQL Server Bit-by-Bit Inference Exploits -- Oracle Delays.

Time-Based Inference Considerations -- Using Response-Based Techniques -- MySQL Response Techniques -- PostgreSQL Response Techniques -- SQL Server Response Techniques -- Oracle Response Techniques -- Returning More Than 1 bit of Information -- Using Alternative Channels -- Database Connections -- DNS Exfiltration -- Email Exfiltration -- HTTP Exfiltration -- ICMP Exfiltration -- Automating Blind SQL Injection Exploitation -- Absinthe -- BSQL Hacker -- SQLBrute -- Sqlmap -- Sqlninja -- Squeeza -- Summary -- Solutions Fast Track -- Finding and Confirming Blind SQL Injection -- Using Time-Based Techniques -- Using Response-Based Techniques -- Using Alternative Channels -- Automating Blind SQL Injection Exploitation -- Frequently Asked Questions -- 6 Exploiting the Operating System -- Introduction -- Accessing the File System -- Reading Files -- MySQL -- Microsoft SQL Server -- Oracle -- PostgreSQL -- Writing Files -- MySQL -- Microsoft SQL Server -- Oracle -- PostgreSQL -- Executing Operating System Commands -- MySQL -- WAMP Environments -- Microsoft SQL Server -- Oracle -- Privilege Escalation -- Code Execution Via Direct Access -- EXTPROC -- Executing Code with Java -- DBMS_SCHEDULER -- PL/SQL Native -- Oracle Text -- Alter System Set Events -- PL/SQL native 9i -- Buffer Overflows -- Custom Application Code -- Executing Code as SYSDBA -- PostgreSQL -- Consolidating Access -- Summary -- Solutions Fast Track -- Accessing the File System -- Executing Operating System Commands -- Consolidating Access -- References -- Frequently Asked Questions -- 7 Advanced Topics -- Introduction -- Evading Input Filters -- Using Case Variation -- Using SQL Comments -- Using URL Encoding -- Using Dynamic Query Execution -- Using Null Bytes -- Nesting Stripped Expressions -- Exploiting Truncation -- Bypassing Custom Filters -- Using Non-Standard Entry Points.

Exploiting Second-Order SQL Injection -- Finding Second-Order Vulnerabilities -- Exploiting Client-Side SQL Injection -- Accessing Local Databases -- Attacking Client-Side Databases -- Using Hybrid Attacks -- Leveraging Captured Data -- Creating Cross-Site Scripting -- Running Operating System Commands on Oracle -- Exploiting Authenticated Vulnerabilities -- Summary -- Solutions fast track -- Evading Input Filters -- Exploiting Second-Order SQL Injection -- Exploiting Client-Side SQL Injection -- Using Hybrid Attacks -- Frequently Asked Questions -- 8 Code-Level Defenses -- Introduction -- Domain Driven Security -- Using Parameterized Statements -- Parameterized Statements in Java -- Parameterized Statements in .NET (C#) -- Parameterized Statements in PHP -- Parameterized Statements in PL/SQL -- Parameterized Statements in mobile apps -- Parameterized Statements in iOS Applications -- Parameterized Statements in Android Applications -- Parameterized Statements in HTML5 Browser Storage -- Validating Input -- Whitelisting -- Known Value Validation -- Blacklisting -- Validating Input in Java -- Validating Input in .NET -- Validating Input in PHP -- Validating Input in Mobile Applications -- Validating Input in HTML5 -- Encoding Output -- Encoding to the Database -- Encoding for Oracle -- Oracle dbms_assert -- Encoding for Microsoft SQL Server -- Encoding for MySQL -- Encoding for PostgreSQL -- Avoiding NoSQL injection -- Canonicalization -- Canonicalization Approaches -- Working with Unicode -- Design Techniques to Avoid the Dangers of SQL Injection -- Using Stored Procedures -- Using Abstraction Layers -- Handling Sensitive Data -- Avoiding Obvious Object Names -- Setting up Database Honeypots -- Additional Secure Development Resources -- Summary -- Solutions Fast Track -- Domain Driven Security -- Using Parameterized Statements -- Validating Input.

Encoding Output.
Abstract:
SQL Injection Attacks and Defense, First Edition: Winner of the Best Book Bejtlich Read Award. "SQL injection is probably the number one problem for any server-side application, and this book is unequaled in its coverage." -Richard Bejtlich, Tao Security blog.

SQL injection represents one of the most dangerous and well-known, yet misunderstood, security vulnerabilities on the Internet, largely because there is no central repository of information available for penetration testers, IT security consultants and practitioners, and web/software developers to turn to for help. SQL Injection Attacks and Defense, Second Edition is the only book devoted exclusively to this long-established but recently growing threat. This is the definitive resource for understanding, finding, exploiting, and defending against this increasingly popular and particularly destructive type of Internet-based attack.

SQL Injection Attacks and Defense, Second Edition includes all the currently known information about these attacks and significant insight from its team of SQL injection experts, who tell you about:
Understanding SQL Injection - Understand what it is and how it works
Find, confirm and automate SQL injection discovery
Tips and tricks for finding SQL injection within code
Create exploits for using SQL injection
Design apps to avoid the dangers of these attacks
SQL injection on different databases
SQL injection on different technologies
SQL injection testing techniques
Case Studies

Securing SQL Server, Second Edition is the only book to provide a complete understanding of SQL injection, from the basics of vulnerability to discovery, exploitation, prevention, and mitigation measures. Covers unique, publicly unavailable information, by technical experts in such areas as Oracle, Microsoft SQL Server, and MySQL, including new developments for Microsoft SQL Server 2012 (Denali).

Written by an established expert, author, and speaker in the field, with contributions from a team of equally renowned creators of SQL injection tools, applications, and educational materials.
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.