The Database Hacker's Handbook
Defending Database Servers
David Lichtfield, Chris Anley, John Heasman, Bill Grindlay
Résumé
The book will cover the how to break into and how to defend the most popular database server software. These include:
- Oracle
- Microsoft's SQL Server
- IBM's DB2
- Postgres
- Sybase
- MySQL
Each of these will be examined to show how hackers gain access using various methods from buffer overflow exploitation, privilege escalation through SQL, SQL injection and stored procedure and trigger abuse. Also discussed are those techniques that are specific to each database. With each attack topic presented, ways of preventing such abuse will be discussed.
L'auteur - David Lichtfield
David Litchfield specializes in searching for new threats to database systems and web applications and holds the unofficial world record for finding major security flaws. He has lectured to both British and U.S. government security agencies on database security and is a regular speaker at the Blackhat Security Briefings. He is a co-author of The Shellcoder's Handbook, SQL Server Security, and Special Ops. In his spare time he is the Managing Director of Next Generation Security Software Ltd.
L'auteur - Chris Anley
Chris Anley is a co-author of The Shellcoder's Handbook, a best-selling book about security vulnerability research. He has published whitepapers and security advisories on a number of database systems, including SQL Server, Sybase, MySQL, DB2, and Oracle.
L'auteur - John Heasman
John Heasman is a principal security consultant at NGS Software. He is a prolific security researcher and has published many security advisories relating to high-profile products such as Microsoft Windows, Real Player, Apple Quick-Time, and PostgreSQL.
L'auteur - Bill Grindlay
Bill Grindlay is a senior security consultant and software engineer at NGS Software. He has worked on both the generalized vulnerability scanner Typhon III and the NGSSQuirreL family of database security scanners. He is a co-author of the database administrator's guide, SQL Server Security.
Sommaire
- Introduction
- Why Care About Database Security?
- Oracle
- The Oracle Architecture
- Attacking Oracle
- Oracle: Moving Further into the Network
- Securing Oracle
- DB2
- IBM DB2 Universal Database
- DB2: Discovery, Attack, and Defense
- Attacking DB2
- Securing DB2
- Informix
- The Informix Architecture
- Informix: Discovery, Attack, and Defense
- Securing Informix
- Sybase ASE
- Sybase Architecture
- Sybase: Discovery, Attack, and Defense
- Sybase: Moving Further into the Network
- Securing Sybase
- MySQL
- MySQL Architecture
- MySQL: Discovery, Attack, and Defense
- MySQL: Moving Further into the Network
- Securing MySQL
- SQL Server
- Microsoft SQL Server Architecture
- SQL Server: Exploitation, Attack, and Defense
- Securing SQL Server
- PostgreSQL
- The PostgreSQL Architecture
- PostgreSQL: Discovery and Attack
- Securing PostgreSQL
- Appendix A: Example C Code for a Time-Delay SQL Injection Harness
- Appendix B: Dangerous Extended Stored Procedures
- Appendix C: Oracle Default Usernames and Passwords
Caractéristiques techniques
PAPIER | |
Éditeur(s) | Wiley |
Auteur(s) | David Lichtfield, Chris Anley, John Heasman, Bill Grindlay |
Parution | 02/08/2005 |
Nb. de pages | 500 |
Format | 19 x 23 |
Couverture | Broché |
Poids | 780g |
Intérieur | Noir et Blanc |
EAN13 | 9780764578014 |
ISBN13 | 978-0-7645-7801-4 |
Avantages Eyrolles.com
Nos clients ont également acheté
Consultez aussi
- Les meilleures ventes en Graphisme & Photo
- Les meilleures ventes en Informatique
- Les meilleures ventes en Construction
- Les meilleures ventes en Entreprise & Droit
- Les meilleures ventes en Sciences
- Les meilleures ventes en Littérature
- Les meilleures ventes en Arts & Loisirs
- Les meilleures ventes en Vie pratique
- Les meilleures ventes en Voyage et Tourisme
- Les meilleures ventes en BD et Jeunesse