SQL Injection Attacks and Defense 2nd Edition

This is definitely a book to get if you want to learn SQLi from the ground up. Many other IT security related books devote a chapter to SQLi that feels rushed or doesn't fully explain the "in/out's" of SQLi. This books starts with the premise that the reader is completely new to the concept of SQLi. The author easily explains the concept, how to detect it, and how to prevent it in a way that is easy to understand. If you ever heard of the "Crawl, Walk, Run" approach, this book beautifully illustrates it. What I love best is that it gives you easy to follow examples without being wordy or verbose. It isn't a book that will melt your brain with boring material, in fact, it is actually quite fun to read and follow along. Like any book that is fun to follow you will have an easier time remembering the material. The book is split into four sections - undestanding SQL injection (Chapter 1), finding SQL injection (Chapters 2 and 3), exploiting SQL injection (Chapters 4-7), and defending against SQL injection (Chapters 8-10).This book will definitely appeal to all audiences interested in the subject from the pro penetration tester, to the novice, IT security student new to the subject, or a database admin that just wants to write more securely.So if you are debating to find a book about SQLi, look no further and pick this book up.

Before I purchased this book, I thought I was pretty damn 1337 with the sequel. How wrong I was!This book is awesome! Any security researcher, web developer, pen tester, or student should read this! Anybody interested in databases should read this! It has tons of code examples in it - MySQL, Oracle SQL, SQL Server, PostgreSQL, Java, C#, and PHP!This book covers all sorts of SQL injections. It covers everything from finding the SQL injection to exploiting the database server. Very well written book and easy to understand. You should have some knowledge of programming, especially knowledge of SQL if you want to read this book. You should know at least one programming language in addition to knowing some basic SQL. Ideally, you will know either PHP, Java, or C#. This is not an intro to sql or intro to programming book. This is not a book on hacking or penetration testing. This is a book on SQL injections and it covers just about anything you can imagine.SQL injections in stored procedures? Yep. SQL injections to gather more information about the database schema? Yep. SQL injections aimed at accessing the server? Yep!As I've said, and I repeat, THIS BOOK IS AWESOME! If you've got any interest at all in hacking web applications, you need to master SQL and SQL injections!

Before I purchased this book, I knew just a little bit about SQL Injection. I knew it existed and I knew a few of the most common techniques. Now I have a very thorough understanding. "SQL Injection Attacks and Defense" is well organized and extremely informative. There are so many technical books out there that are full of fluff. This isn't one of them. SQL Injection Attacks and Defense contains all quality content. I learned a lot about SQL, not enough to make a career out of it but enough to understand the attacks, why they work, and how to prevent them.This is a great resource for penetration testers, recreational hackers, and security professionals. I highly recommend it.

Great book so far, great explanatios and usefull stuff

This book is a great resource for lots of types of people: penetration testers, DB admins, code writers, sysadmins, and others.For pentesters, it has all the tools and manual techniques one needs to confirm or deny the presence of SQL injection for a client. Once confirmed, this book also tells one how to exploit it to gain further access into a network. As a greater bonus, and one I think sets this book apart from others, is that the end of the book includes multiple ways to recommend to a client on how to fix the SQL injection, from better code to network-level appliances (or both!).For others, certain parts of the book may be of more interest than some, but this is still a great book that delivers on depth and breadth. I appreciated that the authors were obviously very knowledgeable about the subject, even going as far as to provide references on how to do SQLi for less-known platforms.

I read both editions of this book and found the content to be valuable because it was applicable to current technologies. The level of detail provided by the authors was impressive and I recommend it to anyone wanting to gain more experience with SQL injection.