SQL Injection Attacks and Defense 2nd Edition
SQL Injection Attacks and Defense, First Edition: Winner of the Best Book Bejtlich Read Award
"SQL injection is probably the number one problem for any server-side application, and this book is unequaled in its coverage." –Richard Bejtlich, Tao Security blog
SQL injection represents one of the most dangerous and well-known, yet misunderstood, security vulnerabilities on the Internet, largely because there is no central repository of information available for penetration testers, IT security consultants and practitioners, and web/software developers to turn to for help.
SQL Injection Attacks and Defense, Second Edition is the only book devoted exclusively to this long-established but recently growing threat. This is the definitive resource for understanding, finding, exploiting, and defending against this increasingly popular and particularly destructive type of Internet-based attack.
SQL Injection Attacks and Defense, Second Edition includes all the currently known information about these attacks and significant insight from its team of SQL injection experts, who tell you about:
- Understanding SQL Injection – Understand what it is and how it works
- Find, confirm and automate SQL injection discovery
- Tips and tricks for finding SQL injection within code
- Create exploits for using SQL injection
- Design apps to avoid the dangers of these attacks
- SQL injection on different databases
- SQL injection on different technologies
- SQL injection testing techniques
- Case Studies
- Securing SQL Server, Second Edition is the only book to provide a complete understanding of SQL injection, from the basics of vulnerability to discovery, exploitation, prevention, and mitigation measures.
- Covers unique, publicly unavailable information, by technical experts in such areas as Oracle, Microsoft SQL Server, and MySQL, including new developments for Microsoft SQL Server 2012 (Denali).
- Written by an established expert, author, and speaker in the field, with contributions from a team of equally renowned creators of SQL injection tools, applications, and educational materials.
- ISBN-10: 1597499633
- ISBN-13: 978-1597499637
- Edition: 2nd
- Publisher: Syngress
- Publication date: July 2, 2012
- Language: English
- Dimensions: 7.4 x 1.5 x 9.1 inches
- Print length: 576 pages
Editorial Reviews
"Lead author and technical editor Clarke has organized the volume's 11 chapters into sections on understanding, finding, exploiting, and defending SQL injection, and has also included reference materials that provide information on database platforms not covered in detail in the main body of the text." --Reference and Research Book News, August 2013
"The most stunningly impactful attacks often leverage SQL Injection vulnerabilities. This book has everything you need to fight back, from applying the core fundamentals to protecting emerging technologies against such attacks. Keep it by your bedside and distribute it within your business." --Nitesh Dhanjani, Executive Director at Ernst & Young LLP
"Securing SQL Server - Protecting Your Database from Attackers and SQL Injection Attacks and Defense are two new books out on SQL security. In the first, Securing SQL Server - Protecting Your Database from Attackers, author Denny Cherry takes a high-level approach to the topic. The book explains how to secure and protect a SQL database from attack. The book details how to configure SQL against both internal and external-based attacks. This updated edition includes new chapters on analysis services, reporting services, and storage area network security. For anyone new to SQL security, Cherry does a great job of explaining what needs to be done in this valuable guide. In SQL Injection Attacks and Defense, editor Justin Clarke enlists the help of a set of experts on how to deal with SQL injection attacks. Since SQL is so ubiquitous on corporate networks, with sites often running hundreds of SQL servers, SQL is prone to attacks. SQL injection is a technique often used to attack databases through a website and is often done by including portions of SQL statements in a web form entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database. SQL injection is a code injection technique that exploits a security vulnerability in a website's software. The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. With that, the need to defend servers against such attacks is imperative and SQL Injection Attacks and Defense should be required reading for anyone tasked with securing SQL servers." --RSA Conference
Product details
- Publisher : Syngress
- Publication date : July 2, 2012
- Edition : 2nd
- Language : English
- Print length : 576 pages
- ISBN-10 : 1597499633
- ISBN-13 : 978-1597499637
- Item Weight : 2.56 pounds
- Dimensions : 7.4 x 1.5 x 9.1 inches
About the author

Justin Clarke is a co-founder and Director at Gotham Digital Science, based in the United Kingdom. He has over twelve years of experience in assessing the security of networks, web applications, and wireless networks for large financial, retail, technology and government clients in the United States, the United Kingdom and New Zealand.
Justin is the technical editor and lead author of "SQL Injection Attacks and Defense" (Syngress 2009), co-author of "Network Security Tools: Writing, Hacking, and Modifying Security Tools" (O'Reilly 2005), a contributing author to "Network Security Assessment: Know Your Network, 2nd Edition" (O'Reilly 2007), as well as a speaker at a number of conferences and events on security topics, including Black Hat USA, EuSecWest, OSCON, ISACA, RSA, SANS, OWASP, and the British Computer Society. He is the author of the open source SQLBrute blind SQL injection testing tool, and is the Chapter Leader for the London chapter of OWASP.
Customer reviews
- Reviewed in the United States on August 19, 2013. Format: Paperback. Verified Purchase.
Before I purchased this book, I thought I was pretty damn 1337 with the sequel. How wrong I was!
This book is awesome! Any security researcher, web developer, pen tester, or student should read this! Anybody interested in databases should read this! It has tons of code examples in it - MySQL, Oracle SQL, SQL Server, PostgreSQL, Java, C#, and PHP!
This book covers all sorts of SQL injections. It covers everything from finding the SQL injection to exploiting the database server. Very well written book and easy to understand. You should have some knowledge of programming, especially knowledge of SQL if you want to read this book. You should know at least one programming language in addition to knowing some basic SQL. Ideally, you will know either PHP, Java, or C#. This is not an intro to sql or intro to programming book. This is not a book on hacking or penetration testing. This is a book on SQL injections and it covers just about anything you can imagine.
SQL injections in stored procedures? Yep. SQL injections to gather more information about the database schema? Yep. SQL injections aimed at accessing the server? Yep!
As I've said, and I repeat, THIS BOOK IS AWESOME! If you've got any interest at all in hacking web applications, you need to master SQL and SQL injections!
- Reviewed in the United States on June 1, 2013. Format: Paperback. Verified Purchase.
Before I purchased this book, I knew just a little bit about SQL Injection. I knew it existed and I knew a few of the most common techniques. Now I have a very thorough understanding. "SQL Injection Attacks and Defense" is well organized and extremely informative. There are so many technical books out there that are full of fluff. This isn't one of them. SQL Injection Attacks and Defense contains all quality content. I learned a lot about SQL, not enough to make a career out of it but enough to understand the attacks, why they work, and how to prevent them.
This is a great resource for penetration testers, recreational hackers, and security professionals. I highly recommend it.
- Reviewed in the United States on April 17, 2014. Format: Paperback. Verified Purchase.
This is definitely a book to get if you want to learn SQLi from the ground up. Many other IT security related books devote a chapter to SQLi that feels rushed or doesn't fully explain the "in/out's" of SQLi. This book starts with the premise that the reader is completely new to the concept of SQLi. The author easily explains the concept, how to detect it, and how to prevent it in a way that is easy to understand. If you ever heard of the "Crawl, Walk, Run" approach, this book beautifully illustrates it. What I love best is that it gives you easy to follow examples without being wordy or verbose. It isn't a book that will melt your brain with boring material; in fact, it is actually quite fun to read and follow along. Like any book that is fun to follow, you will have an easier time remembering the material. The book is split into four sections - understanding SQL injection (Chapter 1), finding SQL injection (Chapters 2 and 3), exploiting SQL injection (Chapters 4-7), and defending against SQL injection (Chapters 8-10).
This book will definitely appeal to all audiences interested in the subject from the pro penetration tester, to the novice, IT security student new to the subject, or a database admin that just wants to write more securely.
So if you are debating to find a book about SQLi, look no further and pick this book up.
- Reviewed in the United States on February 25, 2015. Format: Paperback. Verified Purchase.
Great book so far, great explanations and useful stuff.
- Reviewed in the United States on December 24, 2012. Format: Paperback.
This book is a great resource for lots of types of people: penetration testers, DB admins, code writers, sysadmins, and others.
For pentesters, it has all the tools and manual techniques one needs to confirm or deny the presence of SQL injection for a client. Once confirmed, this book also tells one how to exploit it to gain further access into a network. As a greater bonus, and one I think sets this book apart from others, is that the end of the book includes multiple ways to recommend to a client on how to fix the SQL injection, from better code to network-level appliances (or both!).
For others, certain parts of the book may be of more interest than some, but this is still a great book that delivers on depth and breadth. I appreciated that the authors were obviously very knowledgeable about the subject, even going as far as to provide references on how to do SQLi for less-known platforms.
- Reviewed in the United States on June 12, 2014. Format: Paperback.
I read both editions of this book and found the content to be valuable because it was applicable to current technologies. The level of detail provided by the authors was impressive and I recommend it to anyone wanting to gain more experience with SQL injection.
Top reviews from other countries
- Annalinda, reviewed in Italy on September 28, 2014. 5.0 out of 5 stars: Perfect!
Format: Paperback. Verified Purchase.
The book arrived in excellent condition, as described. Fast and punctual delivery, in line with the courier's delivery estimate! Thanks!
- AmazonKunde0815, reviewed in Germany on January 12, 2015. 5.0 out of 5 stars: Concentrated knowledge in a very good book
Format: Paperback. Verified Purchase.
I had previously looked at this book in an online library and afterwards simply had to buy it in print. I came across this book while working on an academic seminar paper on SQL injection. Everything you need to know is really in this book, from the interaction between web applications and databases, through attack methods, to defense mechanisms. While reading, you quickly notice that the authors are truly highly qualified authorities on their respective topics, even if the technical English is sometimes hard to read.
In my opinion this book belongs on the bookshelf of every IT security expert, since you can really look up everything in it. Really, really good.
- Steve, reviewed in the United Kingdom on July 6, 2019. 5.0 out of 5 stars: Good
Format: Paperback. Verified Purchase.
Lots of relevant information.
- Cliente de Amazon, reviewed in Mexico on February 20, 2017. 4.0 out of 5 stars: Excellent book
Format: Paperback. Verified Purchase.
Very explicit, with good examples. It is important to know how this type of attack is carried out in order to counter it and minimize possible vulnerabilities.