
SQL Injection Attacks and Defense Paperback – 13 Jul 2012


Product details

  • Paperback: 560 pages
  • Publisher: Syngress; 2nd Revised edition (13 July 2012)
  • Language: English
  • ISBN-10: 1597499633
  • ISBN-13: 978-1597499637
  • Product Dimensions: 23.1 x 18.8 x 3.8 cm
  • Average Customer Review: 5.0 out of 5 stars (1 customer review)
  • Amazon Bestsellers Rank: 59,423 in Books

More About the Author

Justin Clarke is a co-founder and Director at Gotham Digital Science, based in the United Kingdom. He has over twelve years of experience in assessing the security of networks, web applications, and wireless networks for large financial, retail, technology and government clients in the United States, the United Kingdom and New Zealand.

Justin is the technical editor and lead author of "SQL Injection Attacks and Defense" (Syngress 2009), co-author of "Network Security Tools: Writing, Hacking, and Modifying Security Tools" (O'Reilly 2005), a contributing author to "Network Security Assessment: Know Your Network, 2nd Edition" (O'Reilly 2007), as well as a speaker at a number of conferences and events on security topics, including Black Hat USA, EuSecWest, OSCON, ISACA, RSA, SANS, OWASP, and the British Computer Society. He is the author of the open source SQLBrute blind SQL injection testing tool, and is the Chapter Leader for the London chapter of OWASP.

Product Description

Review

"Lead author and technical editor Clarke has organized the volume's 11 chapters into sections on understanding, finding, exploiting, and defending SQL injection, and has also included reference materials that provide information on database platforms not covered in detail in the main body of the text."--Reference and Research Book News, August 2013

"The most stunningly impactful attacks often leverage SQL Injection vulnerabilities. This book has everything you need to fight back, from applying the core fundamentals to protecting emerging technologies against such attacks. Keep it by your bedside and distribute it within your business."--Nitesh Dhanjani, Executive Director at Ernst & Young LLP

"Securing SQL Server - Protecting Your Database from Attackers and SQL Injection Attacks and Defense are two new books out on SQL security. In the first, Securing SQL Server - Protecting Your Database from Attackers, author Denny Cherry takes a high-level approach to the topic. The book explains how to secure and protect a SQL database from attack. The book details how to configure SQL against both internal and external-based attacks. This updated edition includes new chapters on analysis services, reporting services, and storage area network security. For anyone new to SQL security, Cherry does a great job of explaining what needs to be done in this valuable guide. In SQL Injection Attacks and Defense, editor Justin Clarke enlists the help of a set of experts on how to deal with SQL injection attacks. Since SQL is so ubiquitous on corporate networks, with sites often running hundreds of SQL servers, SQL is prone to attacks. SQL injection is a technique often used to attack databases through a website and is often done by including portions of SQL statements in a web form entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database.
SQL injection is a code injection technique that exploits a security vulnerability in a website's software. The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. With that, the need to defend servers against such attacks is an imperative and SQL Injection Attacks and Defense should be required reading for anyone tasked with securing SQL servers."--RSA Conference

About the Author

Justin Clarke (CISSP, CISM, CISA, MCSE, CEH) is a cofounder and executive director of Gotham Digital Science, based in the United Kingdom. He has over ten years of experience in testing the security of networks, web applications, and wireless networks for large financial, retail, and technology clients in the United States, the United Kingdom and New Zealand.

Customer Reviews

Most Helpful Customer Reviews

2 of 2 people found the following review helpful By Peter A. Daly on 27 July 2013
Format: Kindle Edition
Contains everything you could possibly want to know about SQLi. Brilliant little "extra tips" sections. I at first tried reading it front to back, but that proved long and laborious but I am still slowly working at it.
The best thing to do is just use it for reference, read the chapters that interest you, then the chapters that you require to fill the gaps.
Still a brilliant book and I 100% recommend it to anyone wanting to know about SQLi.

Most Helpful Customer Reviews on Amazon.com (beta)

3 of 3 people found the following review helpful
Excellent Book 24 Dec. 2012
By AW - Published on Amazon.com
Format: Paperback
This book is a great resource for lots of types of people: penetration testers, DB admins, code writers, sysadmins, and others.

For pentesters, it has all the tools and manual techniques one needs to confirm or deny the presence of SQL injection for a client. Once confirmed, this book also tells one how to exploit it to gain further access into a network. As a greater bonus, and one I think sets this book apart from others, is that the end of the book includes multiple ways to recommend to a client on how to fix the SQL injection, from better code to network-level appliances (or both!).

For others, certain parts of the book may be of more interest than some, but this is still a great book that delivers on depth and breadth. I appreciated that the authors were obviously very knowledgeable about the subject, even going as far as to provide references on how to do SQLi for less-known platforms.

1 of 1 people found the following review helpful
This is the second time ever I gave a book 5 stars. It definitely deserves it! 17 April 2014
By Jason Z. - Published on Amazon.com
Format: Paperback Verified Purchase
This is definitely a book to get if you want to learn SQLi from the ground up. Many other IT security related books devote a chapter to SQLi that feels rushed or doesn't fully explain the "in/out's" of SQLi. This book starts with the premise that the reader is completely new to the concept of SQLi. The author easily explains the concept, how to detect it, and how to prevent it in a way that is easy to understand. If you ever heard of the "Crawl, Walk, Run" approach, this book beautifully illustrates it. What I love best is that it gives you easy to follow examples without being wordy or verbose. It isn't a book that will melt your brain with boring material, in fact, it is actually quite fun to read and follow along. Like any book that is fun to follow you will have an easier time remembering the material. The book is split into four sections - understanding SQL injection (Chapter 1), finding SQL injection (Chapters 2 and 3), exploiting SQL injection (Chapters 4-7), and defending against SQL injection (Chapters 8-10).

This book will definitely appeal to all audiences interested in the subject from the pro penetration tester, to the novice, IT security student new to the subject, or a database admin that just wants to write more securely.

So if you are debating to find a book about SQLi, look no further and pick this book up.

1 of 1 people found the following review helpful
Excellent book on SQL injections! 19 Aug. 2013
By Charles A - Published on Amazon.com
Format: Paperback Verified Purchase
Before I purchased this book, I thought I was pretty damn 1337 with the sequel. How wrong I was!

This book is awesome! Any security researcher, web developer, pen tester, or student should read this! Anybody interested in databases should read this! It has tons of code examples in it - MySQL, Oracle SQL, SQL Server, PostgreSQL, Java, C#, and PHP!

This book covers all sorts of SQL injections. It covers everything from finding the SQL injection to exploiting the database server. Very well written book and easy to understand. You should have some knowledge of programming, especially knowledge of SQL if you want to read this book. You should know at least one programming language in addition to knowing some basic SQL. Ideally, you will know either PHP, Java, or C#. This is not an intro to sql or intro to programming book. This is not a book on hacking or penetration testing. This is a book on SQL injections and it covers just about anything you can imagine.

SQL injections in stored procedures? Yep. SQL injections to gather more information about the database schema? Yep. SQL injections aimed at accessing the server? Yep!

As I've said, and I repeat, THIS BOOK IS AWESOME! If you've got any interest at all in hacking web applications, you need to master SQL and SQL injections!

1 of 1 people found the following review helpful
Everything you need to know about SQL Injection 1 Jun. 2013
By Word Nerd - Published on Amazon.com
Format: Paperback Verified Purchase
Before I purchased this book, I knew just a little bit about SQL Injection. I knew it existed and I knew a few of the most common techniques. Now I have a very thorough understanding. "SQL Injection Attacks and Defense" is well organized and extremely informative. There are so many technical books out there that are full of fluff. This isn't one of them. SQL Injection Attacks and Defense contains all quality content. I learned a lot about SQL, not enough to make a career out of it but enough to understand the attacks, why they work, and how to prevent them.

This is a great resource for penetration testers, recreational hackers, and security professionals. I highly recommend it.

Valuable material! 13 Jun. 2014
By Kyle Ellison - Published on Amazon.com
Format: Paperback
I read both editions of this book and found the content to be valuable because it was applicable to current technologies. The level of detail provided by the authors was impressive and I recommend it to anyone wanting to gain more experience with SQL injection.