Tuesday, January 31, 2012

SQL Injection Attacks and Defense

By Justin Clarke

  • Publisher:   Syngress
  • Number Of Pages:   474
  • Publication Date:   2009-05-15
  • ISBN-10 / ASIN:   1597494240
  • ISBN-13 / EAN:   9781597494243

Product Description:
SQL injection represents one of the most dangerous and well-known, yet misunderstood, security vulnerabilities on the Internet, largely because there is no central repository of information to turn to for help. This is the only book devoted exclusively to this long-established but recently growing threat. It includes all the currently known information about these attacks and significant insight from its contributing team of SQL injection experts.

  • What is SQL injection? Understand what it is and how it works
  • Find, confirm, and automate SQL injection discovery
  • Discover tips and tricks for finding SQL injection within the code
  • Create exploits using SQL injection
  • Design to avoid the dangers of these attacks

Summary: Tour de Force Coverage of SQL Injection Issues
Rating: 5
This is a book that I can heartily endorse. My bailiwick, and probably yours too if you are looking here, is data management and database administration. And if you function within that realm, you should be familiar with SQL injection attacks and how to defend against them. Not surprisingly, given its title, that is just what this book provides.

SQL injection is quite dangerous, and yet is commonly misunderstood by many. This book, which is devoted exclusively to the SQL injection threat and how to defend against it, provides the knowledge and tactics you will need to understand and combat SQL injection attacks.

From the basics of vulnerability to discovery, exploitation, prevention, and mitigation measures, the book is a SQL injection tour de force. The book is up-to-date and covers unique, publicly unavailable information. One quick example of a major benefit of this book: you can make the code level and platform level defenses offered in Chapters 8 and 9 available to the developers and system administrators responsible for Internet development at your shop... which should minimize the risk of SQL injection attacks.

If you are a DBA, programmer, or system analyst involved in writing Internet applications using database systems, then you owe it to yourself to buy and read SQL Injection Attacks and Defense. It just may save your data!



Summary: Finally, the "Bible" for SQL Injection
Rating: 5
I'm giving "SQL Injection Attacks and Defenses" five stars for a few reasons.

First, the book is extremely comprehensive, covering everything from basic "What is SQL Injection?" information to advanced exploit development and static analysis tools (including open source tools).

Second, this book was obviously written very recently. The content is fresh and cutting-edge.

Finally, the book is advanced. Though the reader doesn't necessarily need to know much about SQL Injection in order to start reading it, the book covers as much as anyone would need to know about the subject.

SQL Injection Attacks and Defenses is a well written, comprehensive book that can be extremely useful to security professionals, developers, and database administrators interested in writing or maintaining secure code. It could easily be called the "bible" of SQL Injection.

Summary: Probably Great Book, if I ever see it
Rating: 5
I really would like to give this book 1 star (or zero) and it would be no fault on the part of the author, I just didn't want to bring down what is probably going to be a fine publication.

I ordered it two weeks ago when it was so called "in stock" and it still hasn't shipped. It has oscillated between "in stock" and "pre-order" states three times now so I phoned the publisher, who informed me that Amazon should have it. I informed them that if they would check the Amazon UK website, the release is in 2009...December??!? They were a little surprised at that.

If you check the Syngress website (not facebook version) the book is listed with a different cover. Does artistic endeavor always push forward release dates? I don't think people who would buy this title would be particularly influenced by an infuriating lack of blue, would they? Anyway, I am disappointed and writing this since Amazon has no communication path (well none that I could find) on orders when they are yet to be shipped.

Another annoyance is that I bought several other titles at same time with ship all at once option set, so when I discovered that SQL Injection had gone back into pre-order status I had to split the order up which cost more.

Sorry for the bitching, I needed to vent.

PS Publisher called back and said that they have it locally (Aussie) for $AUS40 more than what Amazon are asking, who don't have it.