SQL Injection Strategies
SQL injection (SQLi) is probably the most infamous attack that can be unleashed against applications on the internet. SQL Injection Strategies is an end-to-end guide for beginners looking to learn how to perform SQL injection and test the security of web applications, websites, or databases, using both manual and automated techniques. The book serves as both a theoretical and practical guide to take you through the important aspects of SQL injection, both from an attack and a defense perspective. You'll start with a thorough introduction to SQL injection and its impact on websites and systems. Later, the book features steps to configure a virtual environment, so you can try SQL injection techniques safely on your own computer. These tests can be performed not only on web applications but also on web services and mobile applications that can be used for managing IoT environments. Tools such as sqlmap and others are then covered, helping you understand how to use them effectively to perform SQL injection attacks. By the end of this book, you will be well-versed with SQL injection, from both the attack and defense perspective.
Table of Contents (70 chapters)
- Cover
- Copyright information
- Why subscribe?
- Contributors About the authors
- About the reviewers
- Packt is searching for authors like you
- Preface
- Section 1: (No)SQL Injection in Theory
- Chapter 1: Structured Query Language for SQL Injection
- Technical requirements
- An overview of SQL – a relational query language
- The syntax and logic of SQL
- Security implications of SQL
- Weaknesses in the use of SQL
- SQL for SQL injection – a recap
- Summary
- Questions
- Chapter 2: Manipulating SQL – Exploiting SQL Injection
- Technical requirements
- Exploitable SQL commands and syntax
- Common SQL injection commands and manipulation
- Not only SQL injection – non-relational repositories
- The injection vulnerability in non-relational repositories
- Wrapping up – (No-)SQL injection in theory
- Summary
- Questions
- Section 2: SQL Injection in Practice
- Chapter 3: Setting Up the Environment
- Technical requirements
- Understanding the practical approach and introducing the main tools
- Overview of the OWASP BWA project
- The attacker – configuring your client machine
- The target – configuring your target web applications
- The target – configuring your target-emulated devices
- Operating the lab
- Summary
- Questions
- Chapter 4: Attacking Web, Mobile, and IoT Applications
- Technical requirements
- Attacking traditional web applications – manual techniques
- Attacking traditional web applications – automated techniques
- Attacking mobile targets
- Attacking IoT targets
- Summary
- Questions
- Further reading
- Chapter 5: Preventing SQL Injection with Defensive Solutions
- Technical requirements
- Understanding general weaknesses and SQL injection enablers
- Treating user input
- Sanitization and input control
- Defending against SQL injection – code-level defenses
- Defending against SQL injection – platform-level defenses
- Summary
- Questions
- Chapter 6: Putting It All Together
- SQL injection – theory in perspective
- SQL injection – practice in perspective
- SQL injection and security implications – final comments
- Summary
- Questions
- Assessments
- Chapter 1
- Chapter 2
- Chapter 3
- Chapter 4
- Chapter 5
- Chapter 6
- Other Books You May Enjoy
- Leave a review - let other readers know what you think

Updated: 2021-06-18 18:34:39