Book Image

SQL Injection Strategies

By : Ettore Galluccio, Edoardo Caselli, Gabriele Lombari
Book Image

SQL Injection Strategies

By: Ettore Galluccio, Edoardo Caselli, Gabriele Lombari

Overview of this book

SQL injection (SQLi) is probably the most infamous attack that can be unleashed against applications on the internet. SQL Injection Strategies is an end-to-end guide for beginners looking to learn how to perform SQL injection and test the security of web applications, websites, or databases, using both manual and automated techniques. The book serves as both a theoretical and practical guide to take you through the important aspects of SQL injection, both from an attack and a defense perspective. You’ll start with a thorough introduction to SQL injection and its impact on websites and systems. Later, the book features steps to configure a virtual environment, so you can try SQL injection techniques safely on your own computer. These tests can be performed not only on web applications but also on web services and mobile applications that can be used for managing IoT environments. Tools such as sqlmap and others are then covered, helping you understand how to use them effectively to perform SQL injection attacks. By the end of this book, you will be well-versed with SQL injection, from both the attack and defense perspective.

Related Content you might be interested in

Current Title:

Small book image
SQL Injection Strategies
Ettore Galluccio | Edoardo Caselli | Gabriele Lombari
Jul, 2020 | 210 pages
Small book image
Web Penetration Testing with Kali Linux
Gilberto NajeraGutierrez | Juned Ahmed Ansari
Feb, 2018 | 426 pages
Small book image
Hands-On Application Penetration Testing with Burp Suite
Carlos A Lozano | Riyaz Ahemed Walikar | Dhruv Shah
Feb, 2019 | 366 pages
Small book image
Kali Linux Web Penetration Testing Cookbook
Gilberto NajeraGutierrez
Aug, 2018 | 404 pages
Table of Contents (11 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Code in Action
Download the color images
Conventions used
Get in touch
Reviews
1
Section 1: (No)SQL Injection in Theory
Section 1: (No)SQL Injection in Theory
Free Chapter
2
Chapter 1: Structured Query Language for SQL Injection
Chapter 1: Structured Query Language for SQL Injection
Technical requirements
An overview of SQL – a relational query language
The syntax and logic of SQL
Security implications of SQL
Weaknesses in the use of SQL
SQL for SQL injection – a recap
Summary
Questions
3
Chapter 2: Manipulating SQL – Exploiting SQL Injection
Chapter 2: Manipulating SQL – Exploiting SQL Injection
Technical requirements
Exploitable SQL commands and syntax
Common SQL injection commands and manipulation
Not only SQL injection – non-relational repositories
The injection vulnerability in non-relational repositories
Wrapping up – (No-)SQL injection in theory
Summary
Questions
4
Section 2: SQL Injection in Practice
Section 2: SQL Injection in Practice
5
Chapter 3: Setting Up the Environment
Chapter 3: Setting Up the Environment
Technical requirements
Understanding the practical approach and introducing the main tools
Overview of the OWASP BWA project
The attacker – configuring your client machine
The target – configuring your target web applications
The target – configuring your target-emulated devices
Operating the lab
Summary
Questions
6
Chapter 4: Attacking Web, Mobile, and IoT Applications
Chapter 4: Attacking Web, Mobile, and IoT Applications
Technical requirements
Attacking traditional web applications– manual techniques
Attacking traditional web applications – automated techniques
Attacking mobile targets
Attacking IoT targets
Summary
Questions
Further reading
7
Chapter 5: Preventing SQL Injection with Defensive Solutions
Chapter 5: Preventing SQL Injection with Defensive Solutions
Technical requirements
Understanding general weaknesses and SQL injection enablers
Treating user input
Sanitization and input control
Defending against SQL injection – code-level defenses
Defending against SQL injection – platform-level defenses
Summary
Questions
8
Chapter 6: Putting It All Together
Chapter 6: Putting It All Together
SQL injection – theory in perspective
SQL injection – practice in perspective
SQL injection and security implications – final comments
Summary
Questions
9
Assessments
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
10
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Overview of the OWASP BWA project

OWASP keeps a plethora of sub-projects, fueled by the efforts of many people around the world, with the aim of improving the experience of security professionals around the globe and raising awareness of web application security issues. One of the problems that ethical hackers encounter is finding targets that are free to attack without consequence in order to put their knowledge to the test. In the past, some organizations, such as web application security software vendors, put specific web applications on the web to allow the testing of the capabilities of software, or just to educate the public on web application security in general. Some of these applications have been removed or have become progressively harder to find, probably because they were discontinued or were designed to test older versions of application security software. The OWASP BWA project was started to provide people with a collection of some of these web applications to be used...

Previous Section
End of Section 4
Next Section