SQL Injection Strategies
SQL injection (SQLi) is probably the most infamous attack that can be unleashed against applications on the internet. SQL Injection Strategies is an end-to-end guide for beginners looking to learn how to perform SQL injection and test the security of web applications, websites, or databases, using both manual and automated techniques. The book serves as both a theoretical and practical guide to take you through the important aspects of SQL injection, both from an attack and a defense perspective. You’ll start with a thorough introduction to SQL injection and its impact on websites and systems. Later, the book features steps to configure a virtual environment, so you can try SQL injection techniques safely on your own computer. These tests can be performed not only on web applications but also on web services and mobile applications that can be used for managing IoT environments. Tools such as sqlmap and others are then covered, helping you understand how to use them effectively to perform SQL injection attacks. By the end of this book, you will be well-versed with SQL injection, from both the attack and defense perspective.
Table of contents (70 chapters)
- Cover
- Copyright information
- Why subscribe?
- Contributors About the authors
- About the reviewers
- Packt is searching for authors like you
- Preface
- Section 1: (No)SQL Injection in Theory
- Chapter 1: Structured Query Language for SQL Injection
- Technical requirements
- An overview of SQL – a relational query language
- The syntax and logic of SQL
- Security implications of SQL
- Weaknesses in the use of SQL
- SQL for SQL injection – a recap
- Summary
- Questions
- Chapter 2: Manipulating SQL – Exploiting SQL Injection
- Technical requirements
- Exploitable SQL commands and syntax
- Common SQL injection commands and manipulation
- Not only SQL injection – non-relational repositories
- The injection vulnerability in non-relational repositories
- Wrapping up – (No-)SQL injection in theory
- Summary
- Questions
- Section 2: SQL Injection in Practice
- Chapter 3: Setting Up the Environment
- Technical requirements
- Understanding the practical approach and introducing the main tools
- Overview of the OWASP BWA project
- The attacker – configuring your client machine
- The target – configuring your target web applications
- The target – configuring your target-emulated devices
- Operating the lab
- Summary
- Questions
- Chapter 4: Attacking Web, Mobile, and IoT Applications
- Technical requirements
- Attacking traditional web applications – manual techniques
- Attacking traditional web applications – automated techniques
- Attacking mobile targets
- Attacking IoT targets
- Summary
- Questions
- Further reading
- Chapter 5: Preventing SQL Injection with Defensive Solutions
- Technical requirements
- Understanding general weaknesses and SQL injection enablers
- Treating user input
- Sanitization and input control
- Defending against SQL injection – code-level defenses
- Defending against SQL injection – platform-level defenses
- Summary
- Questions
- Chapter 6: Putting It All Together
- SQL injection – theory in perspective
- SQL injection – practice in perspective
- SQL injection and security implications – final comments
- Summary
- Questions
- Assessments
- Chapter 1
- Chapter 2
- Chapter 3
- Chapter 4
- Chapter 5
- Chapter 6
- Other Books You May Enjoy
- Leave a review - let other readers know what you think

Updated: 2021-06-18 18:34:39