Book Image

SQL Injection Strategies

By : Ettore Galluccio, Edoardo Caselli, Gabriele Lombari
Book Image

SQL Injection Strategies

By: Ettore Galluccio, Edoardo Caselli, Gabriele Lombari

Overview of this book

SQL injection (SQLi) is probably the most infamous attack that can be unleashed against applications on the internet. SQL Injection Strategies is an end-to-end guide for beginners looking to learn how to perform SQL injection and test the security of web applications, websites, or databases, using both manual and automated techniques. The book serves as both a theoretical and practical guide to take you through the important aspects of SQL injection, both from an attack and a defense perspective. You’ll start with a thorough introduction to SQL injection and its impact on websites and systems. Later, the book features steps to configure a virtual environment, so you can try SQL injection techniques safely on your own computer. These tests can be performed not only on web applications but also on web services and mobile applications that can be used for managing IoT environments. Tools such as sqlmap and others are then covered, helping you understand how to use them effectively to perform SQL injection attacks. By the end of this book, you will be well-versed with SQL injection, from both the attack and defense perspective.
Table of Contents (11 chapters)
1
Section 1: (No)SQL Injection in Theory
4
Section 2: SQL Injection in Practice

Treating user input

What do we mean by trust when talking about security? It is actually one of the most important concepts when dealing with security in general, not just application security.

Let's say you are walking along the street when a stranger approaches you asking for directions. You make a decision on whether to give directions to this person—sure, they could be an ill-intentioned person who is willing to attack you to steal your money, but you may decide that this risk is low; after all, there are many people around you, and you feel pretty confident that you'll be fine even if the situation takes a wrong turn. You then decide to trust this person in this specific case.

Of course, how wise this choice is depends on the context. Let's say you are now guarding an important energy plant when suddenly a person approaches you saying they forgot some important documents on the site and want to go through. As your role is making sure no one accesses...