SQL Injection Strategies: Practical techniques to secure old vulnerabilities against modern attacks
暫譯: SQL 注入策略：針對現代攻擊保護舊漏洞的實用技術

Name: SQL Injection Strategies: Practical techniques to secure old vulnerabilities against modern attacks
Price: 1321 TWD
Availability: InStock
Author: Ettore Galluccio , Edoardo Caselli , Gabriele Lombari
ISBN: 183921564X

Ettore Galluccio , Edoardo Caselli , Gabriele Lombari

出版商: Packt Publishing
出版日期: 2020-07-15
售價: $1,390
貴賓價: 9.5 折 $1,321
語言: 英文
頁數: 212
裝訂: Quality Paper - also called trade paper
ISBN: 183921564X
ISBN-13: 9781839215643
相關分類: SQL

立即出貨 (庫存=1)

買這商品的人也買了...

商品描述

Learn to exploit vulnerable database applications using SQL injection tools and techniques, while understanding how to effectively prevent attacks

Key Features

Understand SQL injection and its effects on websites and other systems
Get hands-on with SQL injection using both manual and automated tools
Explore practical tips for various attack and defense strategies relating to SQL injection

Book Description

SQL injection (SQLi) is probably the most infamous attack that can be unleashed against applications on the internet. SQL Injection Strategies is an end-to-end guide for beginners looking to learn how to perform SQL injection and test the security of web applications, websites, or databases, using both manual and automated techniques. The book serves as both a theoretical and practical guide to take you through the important aspects of SQL injection, both from an attack and a defense perspective.

You'll start with a thorough introduction to SQL injection and its impact on websites and systems. Later, the book features steps to configure a virtual environment, so you can try SQL injection techniques safely on your own computer. These tests can be performed not only on web applications but also on web services and mobile applications that can be used for managing IoT environments. Tools such as sqlmap and others are then covered, helping you understand how to use them effectively to perform SQL injection attacks.

By the end of this book, you will be well-versed with SQL injection, from both the attack and defense perspective.

What you will learn

Focus on how to defend against SQL injection attacks
Understand web application security
Get up and running with a variety of SQL injection concepts
Become well-versed with different SQL injection scenarios
Discover SQL injection manual attack techniques
Delve into SQL injection automated techniques

Who this book is for

This book is ideal for penetration testers, ethical hackers, or anyone who wants to learn about SQL injection and the various attack and defense strategies against this web security vulnerability. No prior knowledge of SQL injection is needed to get started with this book.

商品描述(中文翻譯)

學習如何利用 SQL 注入工具和技術來攻擊易受攻擊的資料庫應用程式，同時了解如何有效防止攻擊

主要特點

了解 SQL 注入及其對網站和其他系統的影響

使用手動和自動工具進行 SQL 注入的實作

探索與 SQL 注入相關的各種攻擊和防禦策略的實用技巧

書籍描述

SQL 注入 (SQLi) 可能是對互聯網應用程式發動的最臭名昭著的攻擊。《SQL 注入策略》是一本針對初學者的全面指南，旨在教導如何執行 SQL 注入並測試網頁應用程式、網站或資料庫的安全性，使用手動和自動技術。這本書同時作為理論和實踐指南，帶您了解 SQL 注入的重要方面，從攻擊和防禦的角度進行探討。

您將從對 SQL 注入及其對網站和系統影響的徹底介紹開始。接下來，書中將介紹配置虛擬環境的步驟，以便您可以在自己的電腦上安全地嘗試 SQL 注入技術。這些測試不僅可以在網頁應用程式上進行，還可以在用於管理物聯網環境的網路服務和行動應用程式上進行。然後將介紹 sqlmap 等工具，幫助您了解如何有效地使用它們來執行 SQL 注入攻擊。

在本書結束時，您將對 SQL 注入有深入的了解，無論是從攻擊還是防禦的角度。

您將學到什麼

專注於如何防禦 SQL 注入攻擊

了解網頁應用程式安全性

快速掌握各種 SQL 注入概念

熟悉不同的 SQL 注入場景

發現 SQL 注入手動攻擊技術

深入了解 SQL 注入自動化技術

本書適合誰

本書非常適合滲透測試者、道德駭客或任何想要了解 SQL 注入及其各種攻擊和防禦策略的人。開始閱讀本書不需要具備 SQL 注入的先前知識。

作者簡介

Ettore Galluccio has 20+ years' experience in secure system design and cyber risk management and possesses wide-ranging expertise in the defense industry, with a focus on leading high-impact cyber transformation and critical infrastructure programs. Ettore has headed up cybersecurity teams for numerous companies, working on a variety of services, including threat management, secure system life cycle design and implementation, and common criteria certification and cybersecurity program management. Ettore has also directed the EY Cybersecurity Master in collaboration with CINI (National Interuniversity Consortium for Computer Science) and holds various international certifications in information security. His true passion is working on ethical hacking and attack models.

Edoardo Caselli is a security enthusiast in Rome, Italy. Ever since his childhood, he has always been interested in information security in all of its aspects, ranging from penetration testing to computer forensics. Edoardo works as a security engineer, putting into practice most aspects in the world of information security, both from a technical and a strategic perspective. He is a master's graduate in computer science engineering, with a focus on cybersecurity, and wrote his thesis on representation models for vulnerabilities in computer networks. Edoardo is also a supporter of the Electronic Frontier Foundation, which advocates free speech and civil rights on online platforms and on the internet.

Gabriele Lombari is a cybersecurity professional and enthusiast. During his professional career, he has had the opportunity to participate in numerous projects involving different aspects, concerning both strategic and technical issues, with a particular focus on the power and utilities industry. The activities he has made a contribution to have largely involved application security, architecture security, and infrastructure security. He graduated cum laude in computer science. During his free time, he is passionate about technology, photography, and loves to consolidate his knowledge of topics related to security issues.

作者簡介(中文翻譯)

Ettore Galluccio 擁有超過 20 年的安全系統設計和網路風險管理經驗，並在防禦產業中擁有廣泛的專業知識，專注於領導高影響力的網路轉型和關鍵基礎設施計畫。Ettore 曾負責多家公司的網路安全團隊，從事各種服務，包括威脅管理、安全系統生命週期設計與實施，以及通用標準認證和網路安全計畫管理。Ettore 也曾與 CINI（國家計算機科學跨大學聯盟）合作主導 EY 網路安全碩士課程，並持有多項國際資訊安全認證。他真正的熱情在於從事道德駭客和攻擊模型的研究。

Edoardo Caselli 是一位來自義大利羅馬的安全愛好者。自小以來，他對資訊安全的各個方面都充滿興趣，從滲透測試到電腦取證。Edoardo 擔任安全工程師，從技術和策略的角度實踐資訊安全的各個方面。他擁有計算機科學工程碩士學位，專注於網路安全，並撰寫了有關計算機網路漏洞表示模型的論文。Edoardo 也是電子前沿基金會的支持者，該基金會倡導在線平台和互聯網上的言論自由和公民權利。

Gabriele Lombari 是一位網路安全專業人士和愛好者。在他的職業生涯中，他有機會參與許多涉及不同方面的專案，涵蓋策略和技術問題，特別專注於電力和公用事業行業。他所參與的活動主要涉及應用安全、架構安全和基礎設施安全。他以優異的成績畢業於計算機科學。在空閒時間，他熱愛科技、攝影，並喜歡鞏固自己在安全問題相關主題上的知識。