SQL Injection Attacks and Defense
Author: Justin Clarke
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. It occurs when user input is either incorrectly filtered for escape characters or unexpectedly executed. Lately, this kind of attack was used in the much publicized Heartland breach, so even people outside the IT industry wanted to know what it consists of and how to prevent it. Here is a book that answers those questions.
About the author
Justin Clarke (CISSP, CISM, CISA, MCSE, CEH) is a co-founder and executive director of Gotham Digital Science. He has over ten years of experience in testing the security of networks, web applications, and wireless networks for large financial, retail, and technology clients.
Inside the book
SQL injection is an attack that has gained great media exposure. It exploits a vulnerability that can devastate a business because it allows malicious users to access databases with sensitive information.
This book opens logically with the introduction of the concept, an explanation of the inner workings of application architecture and how it is affected by the SQL injection. The text is peppered with notes, warnings and tips on how to prevent errors that leave the applications vulnerable. The author says that assessing Web applications over the years has led him to conclude that every third one is vulnerable to SQL injection, and that site owners are mostly unaware of a breach having happened.
Every chapter ends with a summary, some short and concise explanations of the main points dealt with in the chapter and a FAQ section – all means of repeating the knowledge introduced before and making it stick.
Chapter 2 teaches you how to find out if you’ve been “hacked” and how to automate the discovery process. Chapter 3 explains how to review code for SQL injections. Chapters 4 and 5 address the attack itself (the “plain” and the blind version) – the exploit techniques, the question of privileges, the extraction of information, etc. Chapters 6 and 7 introduce exploitation of the OS and advanced techniques such as evading input filters and hybrid attacks.
Throughout these last 4 chapters, you get a feel of the scope of different attack approaches used (plus, you can read about real-life examples). In Chapters 8 and 9 you can finally see what defenses are available to you, both at code and at platform level. They are a collection of helpful tips and “musts” that can serve as a guide or a reminder. The last chapter is a large reference collection to help you do the job.
I enjoyed this book very much. It approaches a rather complex issue in a very organized fashion, and the different parts of the text are integrated seamlessly.
It took me almost two whole chapters to understand why this book is so easy to follow (despite its technical nature). The reason is that the author mimics the conversation of teacher and student – questions and answers follow a stream of logic that it’s easy to sink into. And it’s a good choice of method – conversations are usually more easy to remember than monologues.
To find out more about SQL injection attacks, read our interview with Justin Clarke.