SQL injection is a technique that exploits security vulnerabilities in a website by inserting malicious code into the database that runs it. Such attacks can be used to deface or disable public websites, spread viruses and other malware, or steal sensitive information such as credit card numbers, Social Security Numbers, or passwords. The only book devoted exclusively to this long-established but recently growing threat, SQL Injection Attacks and Defense, 2e, is the definitive resource for understanding, finding, exploiting, and defending against this increasingly popular and particularly destructive type of Internet-based attack. The First Edition was winner of the Best Book Bejtlich Read Award.
List of contents
1. Introduction
2. History of SQL Injection
3. Understanding SQL Injection
4. SQL Injection on Different Databases
5. SQL Injection on Different Technologies
6. SQL Injection Testing Techniques
7. Defenses
8. Case Studies
Appendices - SQL Injection Cheat Sheet
About the author
Justin Clarke (CISSP, CISM, CISA, MCSE, CEH) is a cofounder and executive director of Gotham Digital Science, based in the United Kingdom. He has over ten years of experience in testing the security of networks, web applications, and wireless networks for large financial, retail, and technology clients in the United States, the United Kingdom and New Zealand.