The Database Hacker's Handbook: Defending Database Servers

David Litchfield

  • 出版商: Wiley
  • 出版日期: 2005-07-01
  • 定價: $1,750
  • 售價: 9.0$1,575
  • 語言: 英文
  • 頁數: 528
  • 裝訂: Paperback
  • ISBN: 0764578014
  • ISBN-13: 9780764578014
  • 相關分類: 駭客 Hack
  • 立即出貨 (庫存=1)




The book will cover the how to break into and how to defend the most popular database server software. These include:
* Oracle
* Microsoft's SQL Server
* IBM's DB2
* Postgres
* Sybase

Each of these will be examined to show how hackers gain access using various methods from buffer overflow exploitation, privilege escalation through SQL, SQL injection and stored procedure and trigger abuse. Also discussed are those techniques that are specific to each database. With each attack topic presented, ways of preventing such abuse will be discussed.


Table of Contents:

About the Authors.




Part I: Introduction.

Chapter 1: Why Care About Database Security?

Part II: Oracle.

Chapter 2: The Oracle Architecture.

Chapter 3: Attacking Oracle.

Chapter 4: Oracle: Moving Further into the Network.

Chapter 5: Securing Oracle.

Part III: DB2.

Chapter 6: IBM DB2 Universal Database.

Chapter 7: DB2: Discovery, Attack, and Defense.

Chapter 8: Attacking DB2.

Chapter 9: Securing DB2.

Part IV: Informix.

Chapter 10: The Informix Architecture.

Chapter 11: Informix: Discovery, Attack, and Defense.

Chapter 12: Securing Informix.

Part V: Sybase ASE.

Chapter 13: Sybase Architecture.

Chapter 14: Sybase: Discovery, Attack, and Defense.

Chapter 15: Sybase: Moving Further into the Network.

Chapter 16: Securing Sybase.

Part VI: MySQL.

Chapter 17: MySQL Architecture.

Chapter 18: MySQL: Discovery, Attack, and Defense.

Chapter 19: MySQL: Moving Further into the Network.

Chapter 20: Securing MySQL.

Part VII: SQL Server.

Chapter 21: Microsoft SQL Server Architecture.

Chapter 22: SQL Server: Exploitation, Attack, and Defense.

Chapter 23: Securing SQL Server.

Part VIII: PostgreSQL.

Chapter 24: The PostgreSQL Architecture.

Chapter 25: PostgreSQL: Discovery and Attack.

Chapter 26: Securing PostgreSQL.

Appendix A: Example C Code for a Time-Delay SQL Injection Harness.

Appendix B: Dangerous Extended Stored Procedures.

Appendix C: Oracle Default Usernames and Passwords.