SQL Injection Strategies

Practical techniques to secure old vulnerabilities against modern attacks

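Purchase
E-book list price
17,000 won
Sale price
17,000 won
Publication information
  • E-book published 2020.07.15
Listening feature
TTS (text-to-speech) supported
File information
  • PDF
  • 211 pages
  • 7.9MB
Supported environments
  • PC viewer
  • PAPER
ISBN
9781839217135
UCI
-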
Book Information

Learn to exploit vulnerable database applications using SQL injection tools and techniques, while understanding how to effectively prevent attacks

▶Book Description
SQL injection (SQLi) is probably the most infamous attack that can be unleashed against applications on the internet. SQL Injection Strategies is an end-to-end guide for beginners looking to learn how to perform SQL injection and test the security of web applications, websites, or databases, using both manual and automated techniques. The book serves as both a theoretical and practical guide to take you through the important aspects of SQL injection, both from an attack and a defense perspective.

You'll start with a thorough introduction to SQL injection and its impact on websites and systems. Later, the book features steps to configure a virtual environment, so you can try SQL injection techniques safely on your own computer. These tests can be performed not only on web applications but also on web services and mobile applications that can be used for managing IoT environments. Tools such as sqlmap and others are then covered, helping you understand how to use them effectively to perform SQL injection attacks.

By the end of this book, you will be well-versed with SQL injection, from both the attack and defense perspective.

▶What You Will Learn
- Focus on how to defend against SQL injection attacks
- Understand web application security
- Get up and running with a variety of SQL injection concepts
- Become well-versed with different SQL injection scenarios
- Discover SQL injection manual attack techniques
- Delve into SQL injection automated techniques

▶Key Features
- Understand SQL injection and its effects on websites and other systems
- Get hands-on with SQL injection using both manual and automated tools
- Explore practical tips for various attack and defense strategies relating to SQL injection

▶Who This Book Is For
This book is ideal for penetration testers, ethical hackers, or anyone who wants to learn about SQL injection and the various attack and defense strategies against this web security vulnerability. No prior knowledge of SQL injection is needed to get started with this book.

▶What this book covers
- Chapter 1, Structured Query Language for SQL Injection, serves as a theoretical introduction to the topic, describing at a high level what SQL is, what it is used for, and its possible weaknesses that lead to SQL injection. This theoretical overview is crucial in order to understand concepts behind SQL injection such as database management systems, database models, and SQL.

- Chapter 2, Manipulating SQL – Exploiting SQL Injection, continues with the theoretical approach to the topic, getting more in touch with the practical aspects of SQL injection attacks. This chapter includes examples of input strings that could be used to trigger SQL injection for many different purposes.

- Chapter 3, Setting Up the Environment, covers the setup of the test environment that will be used in the core of the practical elements of this book, while also defining the main approach behind it.

- Chapter 4, Attacking Web, Mobile, and IoT Applications, deals, primarily, with SQL injection against traditional web applications, which is the most common context, using both manual and automated techniques, relying on the toolset we discuss in the previous chapter. We will see, moreover, how mobile applications and IoT devices can also be vulnerable to SQL injection attacks, showing practical examples.

- Chapter 5, Preventing SQL Injection with Defensive Solutions, focuses on the defensive side of things: now that we know that such an impressive and destructive type of vulnerability exists – and how simple in principle it would be to exploit it – how can we stop it?

- Chapter 6, Putting It All Together, serves as a review of what you learned in this book by summarizing and analyzing what we've seen, putting everything in a critical perspective and considering the broader implications not only of SQL injection, but also of security vulnerabilities in general, in a world that relies on information technology and data.

Author Information

▶About the Author
- Ettore Galluccio
Ettore Galluccio has 20+ years' experience in secure system design and cyber risk management and possesses wide-ranging expertise in the defense industry, with a focus on leading high-impact cyber transformation and critical infrastructure programs. Ettore has headed up cybersecurity teams for numerous companies, working on a variety of services, including threat management, secure system life cycle design and implementation, and common criteria certification and cybersecurity program management. Ettore has also directed the EY Cybersecurity Master in collaboration with CINI (National Interuniversity Consortium for Computer Science) and holds various international certifications in information security. His true passion is working on ethical hacking and attack models.

- Edoardo Caselli
Edoardo Caselli is a security enthusiast in Rome, Italy. Ever since his childhood, he has always been interested in information security in all of its aspects, ranging from penetration testing to computer forensics. Edoardo works as a security engineer, putting into practice most aspects in the world of information security, both from a technical and a strategic perspective. He is a master's graduate in computer science engineering, with a focus on cybersecurity, and wrote his thesis on representation models for vulnerabilities in computer networks. Edoardo is also a supporter of the Electronic Frontier Foundation, which advocates free speech and civil rights on online platforms and on the internet.

- Gabriele Lombari
Gabriele Lombari is a cybersecurity professional and enthusiast. During his professional career, he has had the opportunity to participate in numerous projects involving different aspects, concerning both strategic and technical issues, with a particular focus on the power and utilities industry. The activities he has made a contribution to have largely involved application security, architecture security, and infrastructure security. He graduated cum laude in computer science. During his free time, he is passionate about technology, photography, and loves to consolidate his knowledge of topics related to security issues.
