Product Description
Databases are the nerve center of our economy. Every piece of your personal information is stored there-medical records, bank accounts, employment history, pensions, car registrations, even your children’s grades and what groceries you buy. Database attacks are potentially crippling-and relentless.
In this essential follow-up to The Shellcoder’s Handbook, four of the world’s top security experts teach you to break into and defend the seven most popular database servers. You’ll learn how to identify vulnerabilities, how attacks are carried out, and how to stop the carnage. The bad guys already know all this. You need to know it too.
* Identify and plug the new holes in Oracle and Microsoft(r) SQL Server
* Learn the best defenses for IBM’s DB2(r), PostgreSQL, Sybase ASE, and MySQL(r) servers
* Discover how buffer overflow exploitation, privilege escalation through SQL, stored procedure or trigger abuse, and SQL injection enable hacker access
* Recognize vulnerabilities peculiar to each database
* Find out what the attackers already know
Go to www.wiley.com/go/dbhackershandbook for code samples, security alerts , and programs available for download.
General Purpose, Easy to Customize, Comic Book & Inventory Tracking Database CD | US $39.95 End Date: Sunday May-20-2012 9:41:41 PDT Buy It Now for only: US $39.95 Buy it now | Add to watch list |
Wow – I had to have this book. They are right, he explains everything wrong with Oracle and all about vulnerabilities and exploits.
Amazon User Rating: 5 / 5
This book is simply amazing. I would have expected a book with a handful of descriptions of exploits against the various databases, followed by some lame generalizations about blocking the holes.
Instead, this book offers detailed information on the various exploits, and detailed information on how to fix the problems.
If you are a DBA of any of the major databases, you NEED to pick up this book sooner rather than later. Now that this book is “on the streets”, it’s just a question of time before all hell breaks loose
Amazon User Rating: 5 / 5
So, there I was. I was about to buy a new book and I really had to think hard about what to buy – after reading The Shellcoders Handbook, I was really interested in grabbing a copy of this book, in the end, that’s exactly what I did.
I am happy with my decision to the fullest extent. Not only was it a great brother to The Shellcoders Handbook, but it was also just good reading in general. It covers seven of the most popular databases around, and each section of the book goes over it’s history, it’s flaws, how to propogate after a successful exploit, and finally how to lock down your database. You’d be suprised at how easily and how asinine some of the flaws found in database servers are – it’s almost laughable, some of the flaws that many servers have been prone to are ridiculous.
The book, like it’s brother, covers information that is somewhat dependent on context, but the general concepts you will see and learn are going to remain relevent to all types of research related to the topic at hand for a long time to come.
If you own the Shellcoders Handbook — or even if you don’t –, you should not at all miss on this, The Database Hacker’s Handbook: Defending Database Servers is something security enthusiasts everywhere should have on their shelfs.
Amazon User Rating: 5 / 5
This review is only for the Oracle parts of the book.
The most interesting chapter is “Attacking Oracle”. These guys give phrase “thinking outside of the box” the real meaning. They look for a feature or bug open to the security attack, then they shake it til it breaks. You will see exploits of AUTHID, PL/SQL injections, app. server, dbms_sql.parse bug,… most of them relevant to 9i and 10g versions.
The hacks are mainly in the sections called “Real-World Examples”. Most of the exploits are already patched by Oracle and they are also available on hacking forums, but there were some new ones that were quite a revelation.
The security recommendations in the “Securing Oracle” chapter were too general, you can probably find Internet white papers on hardening Oracle that give more details. But, this book is not really about hardening Oracle, even if it says “Defending Database Servers” with small, blue letters on the front cover. This book is about attacking database servers.
I have seen David Litchfield’s previous work and I am sure he knows (and has tried) more than what is written here. Can we expect to see that in “The Hacker’s Handbook” part II?
Amazon User Rating: 5 / 5
David Litchfield is arguably the foremost expert and evangelist when it comes to database security. He, and his team of compatriots from Next Generation Security Software, have written a book that any database or security administrator should be familiar with.
Even if some of the attacks or exploits described in the book were previously obscure or unknown, the fact that they have been outlined in this book means that administrators need to know about them and defend against them before the “bad guys” read this book and take advantage of them.
One of the best aspects of this book is the way it is organized. Splitting the book into sections devoted to specific database systems makes it exceptionally simple and convenient to use. If you only use MySQL, you can skip all of the information regarding Oracle or Microsoft SQL Server, and just focus on the section of the book that applies to you.
Within each section, the authors provide a tremendous wealth of knowledge. Aside from describing weaknesses, potential exploits and protective measures to defend against them, they also look at the general architecture and the methods of authentication used by the database.
Any database admin should have a copy of this on their desk.
Amazon User Rating: 5 / 5