SQL injection attacks and defense

Clarke, Justin

48,31 € (VAT incl.)

SQL injection is a technique that exploits security vulnerabilities in a web site by inserting malicious code into the database that runs it. Such attacks can be used to deface or disable public websites, spread viruses and other malware, or steal sensitive information such as credit card numbers, Social Security Numbers, or passwords. Along with cross-site scripting, SQL injection represents one of the most dangerous and well-known, yet misunderstood, security vulnerabilities on the Internet, largely because there is no central repository of information available for penetration testers, IT security consultants and practitioners, and web/software developers to turn to for help. The only book devoted exclusively to this long-established but recently growing threat, SQL Injection Attacks and Defense is the definitive resource for understanding, finding, exploiting, and defending against this increasingly popular and particularly destructive type of Internet-based attack.

SQL injection techniques have been around for over 10 years now, but recent years have seen a dramatic increase in both number of attacks and the extent of damage caused by them. In fact, a sweep of attacks in the second quarter of 2008 alone resulted in over 500,000 exploited web pages, which were compromised to deliver password-stealing malware to users' computers. The tragedy is that these threats can be mitigated, or even prevented, with the proper tools and knowledge, much of which is publicly available but has yet to be collected in one place. This book includes all important public information on the subject and adds significant coverage known only to its contributing team of SQL injection experts.

  • Only book to provide a complete understanding of SQL injection, from the basics of vulnerability to discovery, exploitation, prevention, and mitigation measures
  • Covers unique, publicly unavailable SQL injection information by technical experts in such areas as Oracle and Microsoft SQL Server
  • Written by an established expert, author, and speaker in the field, with contributions from a team of equally renowned creators of SQL injection tools, applications, and educational materials

  • ISBN: 978-1-59749-424-3
  • Publisher: Syngress
  • Binding: Paperback
  • Pages: 473
  • Publication date: 26/06/2009
  • No. of volumes: 1
  • Language: English