Book Image

SQL Injection Strategies

By : Ettore Galluccio, Edoardo Caselli, Gabriele Lombari
Book Image

SQL Injection Strategies

By: Ettore Galluccio, Edoardo Caselli, Gabriele Lombari

Overview of this book

SQL injection (SQLi) is probably the most infamous attack that can be unleashed against applications on the internet. SQL Injection Strategies is an end-to-end guide for beginners looking to learn how to perform SQL injection and test the security of web applications, websites, or databases, using both manual and automated techniques. The book serves as both a theoretical and practical guide to take you through the important aspects of SQL injection, both from an attack and a defense perspective. You’ll start with a thorough introduction to SQL injection and its impact on websites and systems. Later, the book features steps to configure a virtual environment, so you can try SQL injection techniques safely on your own computer. These tests can be performed not only on web applications but also on web services and mobile applications that can be used for managing IoT environments. Tools such as sqlmap and others are then covered, helping you understand how to use them effectively to perform SQL injection attacks. By the end of this book, you will be well-versed with SQL injection, from both the attack and defense perspective.

Related Content you might be interested in

Current Title:

Small book image
SQL Injection Strategies
Ettore Galluccio | Edoardo Caselli | Gabriele Lombari
Jul, 2020 | 210 pages
Small book image
Web Penetration Testing with Kali Linux
Gilberto NajeraGutierrez | Juned Ahmed Ansari
Feb, 2018 | 426 pages
Small book image
Hands-On Application Penetration Testing with Burp Suite
Carlos A Lozano | Riyaz Ahemed Walikar | Dhruv Shah
Feb, 2019 | 366 pages
Small book image
Kali Linux Web Penetration Testing Cookbook
Gilberto NajeraGutierrez
Aug, 2018 | 404 pages
Table of Contents (11 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Code in Action
Download the color images
Conventions used
Get in touch
Reviews
1
Section 1: (No)SQL Injection in Theory
Section 1: (No)SQL Injection in Theory
Free Chapter
2
Chapter 1: Structured Query Language for SQL Injection
Chapter 1: Structured Query Language for SQL Injection
Technical requirements
An overview of SQL – a relational query language
The syntax and logic of SQL
Security implications of SQL
Weaknesses in the use of SQL
SQL for SQL injection – a recap
Summary
Questions
3
Chapter 2: Manipulating SQL – Exploiting SQL Injection
Chapter 2: Manipulating SQL – Exploiting SQL Injection
Technical requirements
Exploitable SQL commands and syntax
Common SQL injection commands and manipulation
Not only SQL injection – non-relational repositories
The injection vulnerability in non-relational repositories
Wrapping up – (No-)SQL injection in theory
Summary
Questions
4
Section 2: SQL Injection in Practice
Section 2: SQL Injection in Practice
5
Chapter 3: Setting Up the Environment
Chapter 3: Setting Up the Environment
Technical requirements
Understanding the practical approach and introducing the main tools
Overview of the OWASP BWA project
The attacker – configuring your client machine
The target – configuring your target web applications
The target – configuring your target-emulated devices
Operating the lab
Summary
Questions
6
Chapter 4: Attacking Web, Mobile, and IoT Applications
Chapter 4: Attacking Web, Mobile, and IoT Applications
Technical requirements
Attacking traditional web applications– manual techniques
Attacking traditional web applications – automated techniques
Attacking mobile targets
Attacking IoT targets
Summary
Questions
Further reading
7
Chapter 5: Preventing SQL Injection with Defensive Solutions
Chapter 5: Preventing SQL Injection with Defensive Solutions
Technical requirements
Understanding general weaknesses and SQL injection enablers
Treating user input
Sanitization and input control
Defending against SQL injection – code-level defenses
Defending against SQL injection – platform-level defenses
Summary
Questions
8
Chapter 6: Putting It All Together
Chapter 6: Putting It All Together
SQL injection – theory in perspective
SQL injection – practice in perspective
SQL injection and security implications – final comments
Summary
Questions
9
Assessments
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
10
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at [email protected].

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Previous Section
Next Section