Saturday, February 13, 2016

SQL injection - Attacks and defense second edition by Justin Clarke

As my journey to becoming a very solid web application penetration tester continues, I'm just taking the time out to blog about the SQL Injection Attacks and Defense (Second Edition) book. If you don't have this book in your library, I would recommend you pick up a copy. This book is an excellent resource if you want to learn the ins and outs of SQL injection and how it works. I've summarized each chapter of the book, so without further ado let's get into it.


This book has 10 chapters

Chapter 1 - What is SQL injection?

This is just a basic introduction to the topic of the book. It's kind of a weird chapter, but I would recommend that you read it and re-read it at the end.


Chapter 2 - Testing for SQL injection

This chapter looks at SQL injection from a hacker's perspective and shows how to find SQL injection samples in a web application that's connected to a database. This is a nice intro to the rest of the book. It provides useful tips about displayed SQL errors in MS SQL Server, MySQL and Oracle.

Chapter 3 - Reviewing code for SQL injection

This chapter looks at SQL injection from a developer's point of view and shows how to follow user data through lines of PHP, Java and C# code. The end of the chapter mentions some source code analysis tools like YASCA or the MS Source Code Analyzer for SQL Injection.

Chapter 4 - Exploiting SQL injection

This chapter talks about exploiting SQL injection using steps such as identifying the database, extracting data through UNION statements, using conditional statements, enumerating the database schema, escalating privileges, stealing password hashes and out-of-band communication.

Chapter 5 - Blind SQL injection exploitation

This chapter talks about using time-based, binary search, bit-by-bit inference and response-based techniques; the authors present ways to infer knowledge from the interaction with a database.

Chapter 6 - Exploiting the operating system

This chapter discusses ways to read and write files and execute OS commands.

Chapter 7 - Advanced topics

This chapter describes ways to evade input filters, to exploit second-order SQL injection and to use hybrid attacks.

Chapter 8 - Code-level defenses

This is the chapter that "developers" should read without any doubt. The key to avoiding SQL injection attacks is to code all access to the database with parameterised statements, so that the query itself stays out of the users' reach. The authors also propose a series of recommendations to validate input and to encode output.

Chapter 9 - Platform-level defenses

Together with excellent coding practices, there are some measures, related to the operating platform, that we can take to avoid SQL injection. These are, for example, using web application firewalls, web server filters, IDSs and securing the database itself.

Chapter 10 - This chapter is the chapter every "white hat hacker" should have at hand when assessing a web app connected to a database. It is a great reference of SQL commands and SQL injection tweaks for SQL Server, MySQL, Oracle, PostgreSQL and even DB2.

Again, I would recommend this book to anyone who is serious about really learning about SQL injection.
