The Oracle Hacker's Handbook: Hacking and Defending Oracle
 
 

The Oracle Hacker's Handbook: Hacking and Defending Oracle [Paperback]

David Litchfield

RRP: £28.99
Price: £24.64
You Save: £4.35 (15%)


Product Description

David Litchfield has devoted years to relentlessly searching out the flaws in the Oracle database system and creating defenses against them. Now he offers you his complete arsenal to assess and defend your own Oracle systems. This in-depth guide explores every technique and tool used by black hat hackers to invade and compromise Oracle and then it shows you how to find the weak spots and defend them. Without that knowledge, you have little chance of keeping your databases truly secure.

From the Back Cover

Knowledge is power, and the power can be yours

While Oracle continues to improve the security features of its product, it still has a long way to go. David Litchfield has devoted years to relentlessly searching out the flaws in this ubiquitous database system and creating defenses against them. Now he offers you his complete arsenal to assess and defend your own Oracle systems.

Like The Shellcoder's Handbook and The Database Hacker's Handbook, this in-depth guide explores every technique and tool used by black hat hackers to invade and compromise Oracle. It shows you how to find the weak spots and defend them. Without that knowledge, you have little chance of keeping your databases truly secure.

  • Discover how to deal with the security flaws revealed in the Oracle RDBMS
  • Explore some never-before-published forays into Oracle security holes and learn to defend them from attack
  • Learn why independent security assessments are not necessarily a guarantee of safety
  • See how Oracle 10g Release 2 has improved its security features and where the flaws remain
  • Take advantage of extensive and valuable code downloads on the companion Web site at www.wiley.com/go/ohh

Visit our Web site at www.wiley.com/go/ohh


 

Customer Reviews

There are no customer reviews yet on Amazon.co.uk.
Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com:  7 reviews
12 of 13 people found the following review helpful
Oracle Hacker's Handbook review 25 Jan 2007
By X. Zhang - Published on Amazon.com
Format:Paperback
The Oracle Hacker's Handbook (OHH) is a collection of techniques that could be used by an attacker to gain unauthorised access to an Oracle database server up to and including 10gR2. Most of these techniques are currently not public, so OHH is both new knowledge for an attacker and a vital warning to those responsible for securing Oracle servers.

In a nutshell the new attacks include how to gain the version number remotely, brute force usernames, gain passwords/hashes from the OS, attack the listener, escalate privilege internally through PLSQL Packages and Triggers both directly and indirectly, as well as defeating VPD. These attacks are illustrated both directly and through an application server. By using these techniques and by accessing the Oracle files directly through the OS an attacker would be able to gain DBA privileges on most secured servers. Additionally, using the code examples included, an attacker could gain password hashes and then the actual DBA clear text password from the network using the password decryption code included. This will work even with complex quoted passwords.

This is the most effective public analysis of security vulnerabilities in Oracle products so far.

OHH is a technical book and not really an introduction to the subject, though it could be picked up reasonably quickly as the text avoids unnecessary jargon.

The book could be enhanced by including more on defense strategies, such as how to prepare and respond to an attack where the attacker has gained the clear text DBA password.

OHH has a free download site for pre-written proof of concept code which will help avoid unnecessary typing. From a general readability point of view the book is concise and to the point. The sections are logically laid out and the examples have worked when tested. I would recommend those involved in Oracle security to read this book as soon as they can.
4 of 5 people found the following review helpful
This book is like a knife... you can cut the bread or you can kill with it... 10 Feb 2007
By Lukasz Feldman - Published on Amazon.com
Format:Paperback
When I started with this book I was both amazed and afraid. With this book all those tricks of SQL injection in Oracle have started to become public knowledge. So this book is like a knife... you can cut the bread or you can kill with it. :) But let's be honest. It is always better to know, especially when you are a DBA, because you are always far behind the attackers, who probably spend their lifetime browsing the code for security flaws. For that reason everyone who is responsible for practical Oracle security should read this book and learn how to defend. I believe that this book will grow in the future and will provide more and more examples. That is the game we play. New releases, new bugs, new flaws, new workarounds and finally some final vendor fixes. That is how the Oracle security process cycle should work. It is worth mentioning that in terms of quality, David Litchfield has started a completely new period in the cycle.
2 of 3 people found the following review helpful
Interesting Reading 10 Aug 2007
By Edgar A. Gomez Hernandez - Published on Amazon.com
Format:Paperback|Amazon Verified Purchase
After reading it I thought "...well, what were you expecting? The keys to the house of Larry Ellison also?". It has interesting information for a non-hacker like me, but many of the security problems are in the Oracle source code, and therefore there is not much I can do about it. Yes, now I know what not to do in the new code I program. You have to be a programmer to make sense of the code listings and have seen the likes of sniffer dumps before. The language used by the author is clear for me.

Hope this helps
