What this book covers
Chapter 1, Structured Query Language for SQL Injection, serves as a theoretical introduction to the topic, describing at a high level what SQL is, what it is used for, and its possible weaknesses that lead to SQL injection. This theoretical overview is crucial in order to understand concepts behind SQL injection such as database management systems, database models, and SQL.
Chapter 2, Manipulating SQL – Exploiting SQL Injection, continues with the theoretical approach to the topic, getting more in touch with the practical aspects of SQL injection attacks. This chapter includes examples of input strings that could be used to trigger SQL injection for many different purposes.
Chapter 3, Setting Up the Environment, covers the setup of the test environment that will be used in the core of the practical elements of this book, while also defining the main approach behind it.
Chapter 4, Attacking Web, Mobile, and IoT Applications, deals, primarily, with SQL injection against traditional web applications, which is the most common context, using both manual and automated techniques, relying on the toolset we discuss in the previous chapter. We will see, moreover, how mobile applications and IoT devices can also be vulnerable to SQL injection attacks, showing practical examples.
Chapter 5, Preventing SQL Injection with Defensive Solutions, focuses on the defensive side of things: now that we know that such an impressive and destructive type of vulnerability exists – and how simple in principle it would be to exploit it – how can we stop it?
Chapter 6, Putting It All Together, serves as a review of what you learned in this book by summarizing and analyzing what we've seen, putting everything in a critical perspective and considering the broader implications not only of SQL injection, but also of security vulnerabilities in general, in a world that relies on information technology and data.