Book Image

SQL Injection Strategies

By : Ettore Galluccio, Edoardo Caselli, Gabriele Lombari
Book Image

SQL Injection Strategies

By: Ettore Galluccio, Edoardo Caselli, Gabriele Lombari

Overview of this book

SQL injection (SQLi) is probably the most infamous attack that can be unleashed against applications on the internet. SQL Injection Strategies is an end-to-end guide for beginners looking to learn how to perform SQL injection and test the security of web applications, websites, or databases, using both manual and automated techniques. The book serves as both a theoretical and practical guide to take you through the important aspects of SQL injection, both from an attack and a defense perspective. You’ll start with a thorough introduction to SQL injection and its impact on websites and systems. Later, the book features steps to configure a virtual environment, so you can try SQL injection techniques safely on your own computer. These tests can be performed not only on web applications but also on web services and mobile applications that can be used for managing IoT environments. Tools such as sqlmap and others are then covered, helping you understand how to use them effectively to perform SQL injection attacks. By the end of this book, you will be well-versed with SQL injection, from both the attack and defense perspective.

Related Content you might be interested in

Current Title:

Small book image
SQL Injection Strategies
Ettore Galluccio | Edoardo Caselli | Gabriele Lombari
Jul, 2020 | 210 pages
Small book image
Web Penetration Testing with Kali Linux
Gilberto NajeraGutierrez | Juned Ahmed Ansari
Feb, 2018 | 426 pages
Small book image
Hands-On Application Penetration Testing with Burp Suite
Carlos A Lozano | Riyaz Ahemed Walikar | Dhruv Shah
Feb, 2019 | 366 pages
Small book image
Kali Linux Web Penetration Testing Cookbook
Gilberto NajeraGutierrez
Aug, 2018 | 404 pages
Table of Contents (11 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Code in Action
Download the color images
Conventions used
Get in touch
Reviews
1
Section 1: (No)SQL Injection in Theory
Section 1: (No)SQL Injection in Theory
Free Chapter
2
Chapter 1: Structured Query Language for SQL Injection
Chapter 1: Structured Query Language for SQL Injection
Technical requirements
An overview of SQL – a relational query language
The syntax and logic of SQL
Security implications of SQL
Weaknesses in the use of SQL
SQL for SQL injection – a recap
Summary
Questions
3
Chapter 2: Manipulating SQL – Exploiting SQL Injection
Chapter 2: Manipulating SQL – Exploiting SQL Injection
Technical requirements
Exploitable SQL commands and syntax
Common SQL injection commands and manipulation
Not only SQL injection – non-relational repositories
The injection vulnerability in non-relational repositories
Wrapping up – (No-)SQL injection in theory
Summary
Questions
4
Section 2: SQL Injection in Practice
Section 2: SQL Injection in Practice
5
Chapter 3: Setting Up the Environment
Chapter 3: Setting Up the Environment
Technical requirements
Understanding the practical approach and introducing the main tools
Overview of the OWASP BWA project
The attacker – configuring your client machine
The target – configuring your target web applications
The target – configuring your target-emulated devices
Operating the lab
Summary
Questions
6
Chapter 4: Attacking Web, Mobile, and IoT Applications
Chapter 4: Attacking Web, Mobile, and IoT Applications
Technical requirements
Attacking traditional web applications– manual techniques
Attacking traditional web applications – automated techniques
Attacking mobile targets
Attacking IoT targets
Summary
Questions
Further reading
7
Chapter 5: Preventing SQL Injection with Defensive Solutions
Chapter 5: Preventing SQL Injection with Defensive Solutions
Technical requirements
Understanding general weaknesses and SQL injection enablers
Treating user input
Sanitization and input control
Defending against SQL injection – code-level defenses
Defending against SQL injection – platform-level defenses
Summary
Questions
8
Chapter 6: Putting It All Together
Chapter 6: Putting It All Together
SQL injection – theory in perspective
SQL injection – practice in perspective
SQL injection and security implications – final comments
Summary
Questions
9
Assessments
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
10
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Attacking IoT targets

When dealing with IoT devices, we usually consider a complex environment in which these devices are usually at the outermost end of an interconnected network. We usually refer to small devices with low computational power—such as sensors, little appliances, and more—often running embedded systems with minimal functionality. This is because these devices are designed to perform very specialized tasks, which do not require complex operating systems. The result consists of small, handy devices that are always connected and are communicating with other devices, being other small IoT devices or servers, that might collect some kind of data, be it from measuring or input from the device itself.

IoT has been a hot topic recently, and many are investing in these practical technologies, which help to integrate technology in the everyday world. However, at the same time, security has sometimes been neglected in these systems. This is probably due to the...

Previous Section
End of Section 6
Next Section