SQL Injection Strategies

Learn to exploit vulnerable database applications using SQL injection tools and techniques, while understanding how to effectively prevent attacks

▶Book Description
SQL injection (SQLi) is probably the most infamous attack that can be unleashed against applications on the internet. SQL Injection Strategies is an end-to-end guide for beginners looking to learn how to perform SQL injection and test the security of web applications, websites, or databases, using both manual and automated techniques. The book serves as both a theoretical and practical guide to take you through the important aspects of SQL injection, both from an attack and a defense perspective.

You'll start with a thorough introduction to SQL injection and its impact on websites and systems. Later, the book features steps to configure a virtual environment, so you can try SQL injection techniques safely on your own computer. These tests can be performed not only on web applications but also on web services and mobile applications that can be used for managing IoT environments. Tools such as sqlmap and others are then covered, helping you understand how to use them effectively to perform SQL injection attacks.

By the end of this book, you will be well-versed with SQL injection, from both the attack and defense perspective.

▶What You Will Learn
-Focus on how to defend against SQL injection attacks
-Understand web application security
-Get up and running with a variety of SQL injection concepts
-Become well-versed with different SQL injection scenarios
-Discover SQL injection manual attack techniques
-Delve into SQL injection automated techniques

▶Key Features
-Understand SQL injection and its effects on websites and other systems
-Get hands-on with SQL injection using both manual and automated tools
-Explore practical tips for various attack and defense strategies relating to SQL injection

▶Who This Book Is For
This book is ideal for penetration testers, ethical hackers, or anyone who wants to learn about SQL injection and the various attack and defense strategies against this web security vulnerability. No prior knowledge of SQL injection is needed to get started with this book.

▶What this book covers
- Chapter 1, Structured Query Language for SQL Injection, serves as a theoretical introduction to the topic, describing at a high level what SQL is, what it is used for, and its possible weaknesses that lead to SQL injection. This theoretical overview is crucial in order to understand concepts behind SQL injection such as database management systems, database models, and SQL.

- Chapter 2, Manipulating SQL – Exploiting SQL Injection, continues with the theoretical approach to the topic, getting more in touch with the practical aspects of SQL injection attacks. This chapter includes examples of input strings that could be used to trigger SQL injection for many different purposes.

- Chapter 3, Setting Up the Environment, covers the setup of the test environment that will be used in the core of the practical elements of this book, while also defining the main approach behind it.

- Chapter 4, Attacking Web, Mobile, and IoT Applications, deals, primarily, with SQL injection against traditional web applications, which is the most common context, using both manual and automated techniques, relying on the toolset we discuss in the previous chapter. We will see, moreover, how mobile applications and IoT devices can also be vulnerable to SQL injection attacks, showing practical examples.

- Chapter 5, Preventing SQL Injection with Defensive Solutions, focuses on the defensive side of things: now that we know that such an impressive and destructive type of vulnerability exists – and how simple in principle it would be to exploit it – how can we stop it?

- Chapter 6, Putting It All Together, serves as a review of what you learned in this book by summarizing and analyzing what we've seen, putting everything in a critical perspective and considering the broader implications not only of SQL injection, but also of security vulnerabilities in general, in a world that relies on information technology and data.