0

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

SQL Injection Strategies

You're reading from SQL Injection Strategies Practical techniques to secure old vulnerabilities against modern attacks

Product type Paperback

Published in Jul 2020

Publisher Packt

ISBN-13 9781839215643

Length 210 pages

Edition 1st Edition

Languages

SQL

Concepts

Network Security

Authors (4):

Galluccio

Gabriele Lombari

Caselli

Lombari

View More author details

Table of Contents (11) Chapters

Preface

1. Section 1: (No)SQL Injection in Theory

2. Chapter 1: Structured Query Language for SQL Injection FREE CHAPTER

3. Chapter 2: Manipulating SQL – Exploiting SQL Injection

4. Section 2: SQL Injection in Practice

5. Chapter 3: Setting Up the Environment

6. Chapter 4: Attacking Web, Mobile, and IoT Applications

7. Chapter 5: Preventing SQL Injection with Defensive Solutions

8. Chapter 6: Putting It All Together

9. Assessments

10. Other Books You May Enjoy

Leave a review - let other readers know what you think

Chapter 5

User input should be always considered potentially malicious, so it always needs to be sanitized and validated.
Validating input means deciding if it's valid or not before it's accepted. Blacklisting blocks all known invalid input, while whitelisting only accepts known valid input.
Parameterized queries are a way to build query statements that consist of breaking the query strings in parameters. These are first stored as variables and then inserted into the query's body.
Character encoding and escaping are useful for transforming harmful characters that could otherwise be interpreted by SQL causing SQL injection.
The purpose of a Web Application Firewall (WAF) is to filter requests at the application level, as well as to identify and prevent dangerous requests from reaching the application.
No. If an attacker gains access to the encrypted data, they could also obtain the encryption key, thus rendering encryption useless.

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €18.99/month. Cancel anytime

Authors (4)

Galluccio

Galluccio

Ettore Galluccio has 20+ years' experience in secure system design and cyber risk management and possesses wide-ranging expertise in the defense industry, with a focus on leading high-impact cyber transformation and critical infrastructure programs. Ettore has headed up cybersecurity teams for numerous companies, working on a variety of services, including threat management, secure system life cycle design and implementation, and common criteria certification and cybersecurity program management. Ettore has also directed the EY Cybersecurity Master in collaboration with CINI (National Interuniversity Consortium for Computer Science) and holds various international certifications in information security. His true passion is working on ethical hacking and attack models.

See other products by Galluccio

Gabriele Lombari

Gabriele Lombari

Gabriele Lombari is a cybersecurity professional and enthusiast. During his professional career, he has had the opportunity to participate in numerous projects involving different aspects, concerning both strategic and technical issues, with a particular focus on the power and utilities industry. The activities he has made a contribution to have largely involved application security, architecture security, and infrastructure security. He graduated cum laude in computer science. During his free time, he is passionate about technology, photography, and loves to consolidate his knowledge of topics related to security issues.

See other products by Gabriele Lombari

Caselli

Caselli

Edoardo Caselli is a security enthusiast in Rome, Italy. Ever since his childhood, he has always been interested in information security in all of its aspects, ranging from penetration testing to computer forensics. Edoardo works as a security engineer, putting into practice most aspects in the world of information security, both from a technical and a strategic perspective. He is a master's graduate in computer science engineering, with a focus on cybersecurity, and wrote his thesis on representation models for vulnerabilities in computer networks. Edoardo is also a supporter of the Electronic Frontier Foundation, which advocates free speech and civil rights on online platforms and on the internet.

See other products by Caselli

Lombari

Lombari

Gabriele Lombari is a cybersecurity professional and enthusiast. During his professional career, he has had the opportunity to participate in numerous projects involving different aspects, concerning both strategic and technical issues, with a particular focus on the power and utilities industry. The activities he has made a contribution to have largely involved application security, architecture security, and infrastructure security. He graduated cum laude in computer science. During his free time, he is passionate about technology, photography, and loves to consolidate his knowledge of topics related to security issues.

See other products by Lombari

Other recommended products

Related to this chapter

Burp Suite Cookbook

Burp Suite Cookbook

The purpose of the Burp Suite Cookbook is to provide web application penetration testers with hands-on examples of how to use Burp Suite to perform web assessments. The book gives detailed screenshots demonstrating how to perform various attacks in Burp including Cross-site Scripting (XSS), SQL Injection, Cross-site Request Forgery, XML External Entity (XXE), and many more.

Sep 2018 11h 56m

Hands-On Application Penetration Testing with Burp Suite

Hands-On Application Penetration Testing with Burp Suite

Using Burp Suite, you can quickly build proof of concepts, extract data via an exploit, attack multiple end points in an application and even begin to script complex multi stage attacks. This book will provide a hands-on coverage on how you can get started with executing an application penetration test and be sure of the results.

Feb 2019 12h 12m

Learning Python Web Penetration Testing

Learning Python Web Penetration Testing

This book will walk you through the web application penetration testing methodology, showing you how to write your own tools with Python for every main activity in the process. It will show you how to test for security vulnerabilities in web applications just like security professionals and hackers do.

Jun 2018 4h 36m

Bug Bounty Hunting Essentials

Bug Bounty Hunting Essentials

Bug Bounty hunting is a new method which companies use to test their applications. There is no dedicated methodology in place right now to help researchers upskill themselves and become bug bounty hunters, that is why there is ambiguity as to what the field is about, the book solves that problem. The book allows readers to train themselves as bug bounty hunters to excel in the field of application security.

Learn Kali Linux 2019

Learn Kali Linux 2019

The current trend of various hacking and security breaches displays how important it has become to pentest your environment, to ensure end point protection. This book will take you through the latest version of Kali Linux to efficiently deal with various crucial security aspects such as confidentiality, integrity, access control and authentication.

Nov 2019 18h 20m

ASP.NET Core 5 Secure Coding Cookbook

ASP.NET Core 5 Secure Coding Cookbook

There are various ways to fix an ASP.NET Core web application security flaw. However, very few books share expert advice relating to which approaches work best for ASP.NET Core apps – unlike this book. The ASP.NET Core Secure Coding Cookbook is your guide to tackling the most common ASP.NET Core web application vulnerabilities.

Jul 2021 10h 48m

Web Penetration Testing with Kali Linux

Web Penetration Testing with Kali Linux

This book covers everything you need to set up a Kali Linux lab, the latest generation of the BackTrack Linux penetration testing and security auditing Linux distribution. Learn how to use the hundred tools Kali Linux has so you can manage security tasks such as penetration testing, forensics, and reverse engineering.

Feb 2018 14h 12m

Kali Linux Web Penetration Testing Cookbook

Kali Linux Web Penetration Testing Cookbook

Kali Linux is the most popular open-source penetration toolkit used for effective web penetration testing. This book will teach you, in the form of step-by-step recipes, how to detect a wide array of vulnerabilities, exploit them to analyze their consequences, and ultimately buffer attackable surfaces so applications are more secure.

Aug 2018 13h 28m

Learn Penetration Testing

Learn Penetration Testing

A penetration test, also known as a pen test, is a simulated cyberattack against your computer system to check for exploitable vulnerabilities. In the context of web application security, penetration testing is commonly used to augment a web application firewall (WAF). This book teaches you various penetration testing techniques in order to become a proficient Penetration tester.

May 2019 14h 8m

Applied Network Security

Applied Network Security

Computer networks are increasing at an exponential rate and the most challenging factor organisations are currently facing is network security. Breaching a network is not considered an ingenious effort anymore, so it is very important to gain expertise in securing your network.

Apr 2017 11h 40m

Hands-On Bug Hunting for Penetration Testers

Hands-On Bug Hunting for Penetration Testers

Bug bounties have quickly become a critical part of the security economy. This book shows you how technical professionals with an interest in security can begin productively—and profitably—participating in bug bounty programs.

Sep 2018 8h 20m

Network Vulnerability Assessment

Network Vulnerability Assessment

Being able to identify security loopholes has become critical to many businesses. That's where learning network security assessment becomes very important. This book will not only show you how to find out the system vulnerabilities but also help you build a network security threat model.

Aug 2018 8h 28m

Personalised recommendations for you

Based on your interests and search pattern

Mastering PowerShell Scripting

Mastering PowerShell Scripting

PowerShell scripts provides a convenient method for automating tasks, using them proficiently can be challenging. This all-inclusive guide begins at the basics and covers advanced concepts, equipping you with tips to become an expert in PowerShell Core 7.3 scripting.

May 2024 27h 32m

Network Automation with Nautobot

Network Automation with Nautobot

This book will help you understand why a network source of truth is needed for long-term network automation success, which will in turn save you hundreds of hours in deploying and integrating Nautobot into network automation.

May 2024 27h 12m

NGINX HTTP Server

NGINX HTTP Server

Explore the power of NGINX with this guide covering an array of essential practical topics, including securing your infrastructure with automatic TLS certificates, placing NGINX in front of your existing applications, and much more.

May 2024 8h 44m

Mastering Azure Virtual Desktop

Mastering Azure Virtual Desktop

This updated edition will help you plan an Azure Virtual Desktop Architecture, implement its infrastructure, and manage its access and security. With content aligned with the exam objectives, it'll help you ace the Microsoft AZ-140 exam.

Jul 2024 23h 56m

Learn Ansible will teach you how to write Ansible Playbooks for deploying simple apps. This updated edition covers the latest Ansible features, helping you confidently implement Ansible in your daily workflows.

May 2024 13h 48m

HashiCorp Terraform Associate (003) Exam Guide

HashiCorp Terraform Associate (003) Exam Guide

This book will help you explore HashiCorp Terraform and prepare for Associate (003) certification, from understanding core concepts to advanced modules. You'll gain hands-on expertise, troubleshoot with confidence, and more.

May 2024 11h 28m

Kubernetes – An Enterprise Guide

Kubernetes – An Enterprise Guide

Navigate the complexities of Kubernetes and fully leverage its capabilities for enterprise applications. This edition dives into advanced deployments, groundbreaking techniques, and insights that will elevate your skills and redefine your expertise.

Aug 2024 22h 44m

Atlassian DevOps Toolchain Cookbook

Atlassian DevOps Toolchain Cookbook

Master setting up a DevOps toolchain using Atlassian tools and Open DevOps as a framework with this recipe-driven guide to automated testing, integration, deployment, observability, and incident management for streamlining development processes.

Jul 2024 16h 48m

AWS Certified Developer Associate Certification and Beyond

AWS Certified Developer Associate Certification and Beyond

This is your guide to passing the challenging AWS Certified Developer – Associate certification exam and setting yourself up for a rewarding career. Through a sample project, it explains how to design, architect, and implement applications on AWS.

Jul 2024 23h 40m

Implementing GitOps with Kubernetes

Implementing GitOps with Kubernetes

This book provides step-by-step tutorials and hands-on examples for effectively implementing GitOps practices in your Kubernetes deployments. You'll learn how to automate, monitor, and secure your infrastructure for efficient application delivery.

Aug 2024 14h 48m