united7170

Syngress - SQL Injection Attacks and Defense (2009)


Content:

Chapter 1 What Is SQL Injection?
1-Introduction
2-Understanding How Web Applications Work
3-A Simple Application Architecture
4-A More Complex Architecture
5-Understanding SQL Injection
6-High-Profile Examples
7-Understanding How It Happens
8-Dynamic String Building
9-Incorrectly Handled Escape Characters
10-Incorrectly Handled Types
11-Incorrectly Handled Query Assembly
12-Incorrectly Handled Errors
13-Incorrectly Handled Multiple Submissions
14-Insecure Database Configuration
15-Summary
16-Solutions Fast Track
17-Frequently Asked Questions

Chapter 2 Testing for SQL Injection
1-Introduction
2-Finding SQL Injection
3-Testing by Inference
4-Identifying Data Entry
5-GET Requests
6-POST Requests
7-Other Injectable Data
8-Manipulating Parameters
9-Information Workflow
10-Database Errors
11-Commonly Displayed SQL Errors
12-Microsoft SQL Server Errors
13-MySQL Errors
14-Oracle Errors
15-Generic Errors
16-HTTP Code Errors
17-Different Response Sizes
18-Blind Injection Detection
19-Confirming SQL Injection
20-Differentiating Numbers and Strings
21-Inline SQL Injection
22-Injecting Strings Inline
23-Injecting Numeric Values Inline
24-Terminating SQL Injection
25-Database Comment Syntax
26-Using Comments
27-Executing Multiple Statements
28-Time Delays
29-Automating SQL Injection Discovery
30-Tools for Automatically Finding SQL Injection
31-HP WebInspect
32-IBM Rational AppScan
33-HP Scrawlr
34-SQLiX
35-Paros Proxy
36-Summary
37-Solutions Fast Track
38-Frequently Asked Questions

Chapter 3 Reviewing Code for SQL Injection
1-Introduction
2-Reviewing Source Code for SQL Injection
3-Dangerous Coding Behaviors
4-Dangerous Functions
5-Following the Data
6-Following Data in PHP
7-Following Data in Java
8-Following Data in C#
9-Reviewing PL/SQL and T-SQL Code
10-Automated Source Code Review
11-Yet Another Source Code Analyzer
12-Pixy
13-AppCodeScan
14-LAPSE
15-Security Compass Web Application Analysis Tool (SWAAT)
16-Microsoft Source Code Analyzer for SQL Injection
17-Microsoft Code Analysis Tool .NET (CAT.NET)
18-Commercial Source Code Review Tools
19-Ounce
20-Source Code Analysis
21-CodeSecure
22-Summary
23-Solutions Fast Track
24-Frequently Asked Questions

Chapter 4 Exploiting SQL Injection
1-Introduction
2-Understanding Common Exploit Techniques
3-Using Stacked Queries
4-Identifying the Database
5-Non-Blind Fingerprint
6-Banner Grabbing
7-Blind Fingerprint
8-Extracting Data through UNION Statements
9-Matching Columns
10-Matching Data Types
11-Using Conditional Statements
12-Approach 1: Time-based
13-Approach 2: Error-based
14-Approach 3: Content-based
15-Working with Strings
16-Extending the Attack
17-Using Errors for SQL Injection
18-Error Messages in Oracle
19-Enumerating the Database Schema
20-SQL Server
21-MySQL
22-Oracle
23-Escalating Privileges
24-SQL Server
25-Privilege Escalation on Unpatched Servers
26-Oracle
27-Stealing the Password Hashes
28-SQL Server
29-MySQL
30-Oracle
31-Oracle Components
32-APEX
33-Oracle Internet Directory
34-Out-of-Band Communication
35-E-mail
36-Microsoft SQL Server
37-Oracle
38-HTTP/DNS
39-File System
40-SQL Server
41-MySQL
42-Oracle
43-Automating SQL Injection Exploitation
44-Sqlmap
45-Sqlmap Example
46-Bobcat
47-BSQL
48-Other Tools
49-Summary
50-Solutions Fast Track
51-Frequently Asked Questions

Chapter 5 Blind SQL Injection Exploitation
1-Introduction
2-Finding and Confirming Blind SQL Injection
3-Forcing Generic Errors
4-Injecting Queries with Side Effects
5-Splitting and Balancing
6-Common Blind SQL Injection Scenarios
7-Blind SQL Injection Techniques
8-Inference Techniques
9-Increasing the Complexity of Inference Techniques
10-Alternative Channel Techniques
11-Using Time-Based Techniques
12-Delaying Database Queries
13-MySQL Delays
14-Generic MySQL Bit-by-Bit Inference Exploits
15-SQL Server Delays
16-Generic SQL Server Binary Search Inference Exploits
17-Generic SQL Server Bit-by-Bit Inference Exploits
18-Oracle Delays
19-Time-Based Inference Considerations
20-Using Response-Based Techniques
21-MySQL Response Techniques
22-SQL Server Response Techniques
23-Oracle Response Techniques
24-Returning More Than One Bit of Information
25-Using Alternative Channels
26-Database Connections
27-DNS Exfiltration
28-E-mail Exfiltration
29-HTTP Exfiltration
30-Automating Blind SQL Injection Exploitation
31-Absinthe
32-BSQL Hacker
33-SQLBrute
34-Sqlninja
35-Squeeza
36-Summary
37-Solutions Fast Track
38-Frequently Asked Questions

Chapter 6 Exploiting the Operating System
1-Introduction
2-Accessing the File System
3-Reading Files
4-MySQL
5-Microsoft SQL Server
6-Oracle
7-Writing Files
8-MySQL
9-Microsoft SQL Server
10-Oracle
11-Executing Operating System Commands
12-Direct Execution
13-Oracle
14-DBMS_SCHEDULER
15-PL/SQL Native
16-Other Possibilities
17-Alter System Set Events
18-PL/SQL Native 9i
19-Buffer Overflows
20-Custom Application Code
21-MySQL
22-Microsoft SQL Server
23-Consolidating Access
24-Summary
25-Solutions Fast Track
26-Frequently Asked Questions
27-Endnotes

Chapter 7 Advanced Topics
1-Introduction
2-Evading Input Filters
3-Using Case Variation
4-Using SQL Comments
5-Using URL Encoding
6-Using Dynamic Query Execution
7-Using Null Bytes
8-Nesting Stripped Expressions
9-Exploiting Truncation
10-Bypassing Custom Filters
11-Using Non-Standard Entry Points
12-Exploiting Second-Order SQL Injection
13-Finding Second-Order Vulnerabilities
14-Using Hybrid Attacks
15-Leveraging Captured Data
16-Creating Cross-Site Scripting
17-Running Operating System Commands on Oracle
18-Exploiting Authenticated Vulnerabilities
19-Summary
20-Solutions Fast Track
21-Frequently Asked Questions

Chapter 8 Code-Level Defenses
1-Introduction
2-Using Parameterized Statements
3-Parameterized Statements in Java
4-Parameterized Statements in .NET (C#)
5-Parameterized Statements in PHP
6-Parameterized Statements in PL/SQL
7-Validating Input
8-Whitelisting
9-Blacklisting
10-Validating Input in Java
11-Validating Input in .NET
12-Validating Input in PHP
13-Encoding Output
14-Encoding to the Database
15-Encoding for Oracle
16-Oracle dbms_assert
17-Encoding for Microsoft SQL Server
18-Encoding for MySQL
19-Canonicalization
20-Canonicalization Approaches
21-Working with Unicode
22-Designing to Avoid the Dangers of SQL Injection
23-Using Stored Procedures
24-Using Abstraction Layers
25-Handling Sensitive Data
26-Avoiding Obvious Object Names
27-Setting Up Database Honeypots

Chapter 9 Reference
1-Introduction
2-Structured Query Language (SQL) Primer
3-SQL Queries
4-SELECT Statement
5-UNION Operator
6-INSERT Statement
7-UPDATE Statement
8-DELETE Statement
9-*zensiert* Statement
10-CREATE TABLE Statement
11-ALTER TABLE Statement
12-GROUP BY Statement
13-ORDER BY Clause
14-Limiting the Result Set
15-SQL Injection Quick Reference
16-Identifying the Database Platform
17-Identifying the Database Platform via Time Delay Inference
18-Identifying the Database Platform via SQL Dialect Inference
19-Combining Multiple Rows into a Single Row
20-Microsoft SQL Server Cheat Sheet
21-Blind SQL Injection Functions: Microsoft SQL Server
22-Microsoft SQL Server Privilege Escalation
23-OPENROWSET Reauthentication Attack
24-Attacking the Database Server: Microsoft SQL Server
25-System Command Execution via xp_cmdshell
26-xp_cmdshell Alternative
27-Cracking Database Passwords
28-Microsoft SQL Server 2005 Hashes
29-File Read/Write
30-MySQL Cheat Sheet
31-Enumerating Database Configuration Information and Schema
32-Blind SQL Injection Functions: MySQL
33-Attacking the Database Server: MySQL
34-System Command Execution
35-Cracking Database Passwords
36-Attacking the Database Directly
37-File Read/Write
38-Oracle Cheat Sheet
39-Enumerating Database Configuration Information and Schema
40-Blind SQL Injection Functions: Oracle
41-Attacking the Database Server: Oracle
42-Command Execution
43-Reading Local Files
44-Reading Local Files (PL/SQL Injection Only)
45-Writing Local Files (PL/SQL Injection Only)
46-Cracking Database Passwords
47-Bypassing Input Validation Filters
48-Quote Filters
49-HTTP Encoding
50-Troubleshooting SQL Injection Attacks
51-SQL Injection on Other Platforms
52-PostgreSQL Cheat Sheet
53-Enumerating Database Configuration Information and Schema
54-Blind SQL Injection Functions: PostgreSQL
55-Attacking the Database Server: PostgreSQL
56-System Command Execution
57-Local File Access
58-Cracking Database Passwords
59-DB2 Cheat Sheet
60-Enumerating Database Configuration Information and Schema
61-Blind SQL Injection Functions: DB2
62-Informix Cheat Sheet
63-Enumerating Database Configuration Information and Schema
64-Blind SQL Injection Functions: Informix
65-Ingres Cheat Sheet
66-Enumerating Database Configuration Information and Schema
67-Blind SQL Injection Functions: Ingres
68-Microsoft Access
69-Resources
70-SQL Injection White Papers
71-SQL Injection Cheat Sheets
72-SQL Injection Exploit Tools
73-Password Cracking Tools
74-Solutions Fast Track

Download: GirlShare - Download SQLI.rar

pass: rstcenter
