SQL Injection Attacks and Defense, 2/e (Paperback)

SQL Injection Attacks and Defense, First Edition: Winner of the Best Book Bejtlich Read Award

"SQL injection is probably the number one problem for any server-side application, and this book unequaled in its coverage." -Richard Bejtlich, Tao Security blog

SQL injection represents one of the most dangerous and well-known, yet misunderstood, security vulnerabilities on the Internet, largely because there is no central repository of information available for penetration testers, IT security consultants and practitioners, and web/software developers to turn to for help.

SQL Injection Attacks and Defense, Second Edition is the only book devoted exclusively to this long-established but recently growing threat. This is the definitive resource for understanding, finding, exploiting, and defending against this increasingly popular and particularly destructive type of Internet-based attack.

SQL Injection Attacks and Defense, Second Edition includes all the currently known information about these attacks and significant insight from its team of SQL injection experts, who tell you about:

• Understanding SQL Injection - Understand what it is and how it works
• Find, confirm and automate SQL injection discovery
• Tips and tricks for finding SQL injection within code
• Create exploits for using SQL injection
• Design apps to avoid the dangers these attacks
• SQL injection on different databases
• SQL injection on different technologies
• SQL injection testing techniques
• Case Studies

• Securing SQL Server, Second Edition is the only book to provide a complete understanding of SQL injection, from the basics of vulnerability to discovery, exploitation, prevention, and mitigation measures.
• Covers unique, publicly unavailable information, by technical experts in such areas as Oracle, Microsoft SQL Server, and MySQL---including new developments for Microsoft SQL Server 2012 (Denali).
• Written by an established expert, author, and speaker in the field, with contributions from a team of equally renowned creators of SQL injection tools, applications, and educational materials.

《SQL注入攻擊與防禦，第一版：》獲得最佳書籍Bejtlich讀獎

"SQL注入可能是任何伺服器端應用程式的頭號問題，而這本書在其涵蓋範圍上無與倫比。" - Richard Bejtlich，《Tao Security blog》

SQL注入代表著網際網路上最危險且眾所周知，卻又被誤解的安全漏洞之一，主要是因為沒有一個中央資料庫可供滲透測試人員、IT安全顧問和從業人員以及網頁/軟體開發人員尋求幫助。

《SQL注入攻擊與防禦，第二版》是唯一一本專門研究這種歷史悠久但近年來日益增長的威脅的書籍。這是了解、發現、利用和防禦這種越來越受歡迎且特別具破壞性的基於網際網路的攻擊的權威資源。

《SQL注入攻擊與防禦，第二版》包含了目前已知的所有關於這些攻擊的資訊，以及來自SQL注入專家團隊的重要見解，他們告訴您：

- 理解SQL注入-了解它是什麼以及它是如何運作的
- 尋找、確認和自動化SQL注入的發現
- 在程式碼中尋找SQL注入的技巧和訣竅
- 創建利用SQL注入的攻擊
- 設計應用程式以避免這些攻擊的危險
- 不同資料庫上的SQL注入
- 不同技術上的SQL注入
- SQL注入測試技術
- 案例研究

《保護SQL Server，第二版》是唯一一本提供完整理解SQL注入的書籍，從漏洞的基礎知識到發現、利用、預防和緩解措施。

涵蓋了獨特且公開不可得的資訊，由Oracle、Microsoft SQL Server和MySQL等領域的技術專家提供，包括針對Microsoft SQL Server 2012（Denali）的新發展。

由該領域的知名專家、作者和演講者撰寫，並由一個同樣著名的SQL注入工具、應用程式和教育資料的創作者團隊共同貢獻。