{"product_id":"the-database-hackers-handbook-isbn-9780764578014","title":"The Database Hacker's Handbook","description":"Databases are the nerve center of our economy. Every piece of your personal information is stored there: medical records, bank accounts, employment history, pensions, car registrations, even your children's grades and what groceries you buy. Database attacks are potentially crippling, and relentless.\u003cbr\u003e \u003cbr\u003e In this essential follow-up to The Shellcoder's Handbook, four of the world's top security experts teach you to break into and defend the seven most popular database servers. You'll learn how to identify vulnerabilities, how attacks are carried out, and how to stop the carnage. The bad guys already know all this. You need to know it too.\u003cbr\u003e * Identify and plug the new holes in Oracle and Microsoft® SQL Server\u003cbr\u003e * Learn the best defenses for IBM's DB2®, PostgreSQL, Sybase ASE, and MySQL® servers\u003cbr\u003e * Discover how buffer overflow exploitation, privilege escalation through SQL, stored procedure or trigger abuse, and SQL injection enable hacker access\u003cbr\u003e * Recognize vulnerabilities peculiar to each database\u003cbr\u003e * Find out what the attackers already know\u003cbr\u003e \u003cbr\u003e Go to www.wiley.com\/go\/dbhackershandbook for code samples, security alerts, and programs available for download.  About the Authors.  
\u003cp\u003ePreface.\u003c\/p\u003e \u003cp\u003eAcknowledgments.\u003c\/p\u003e \u003cp\u003eIntroduction.\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart I: Introduction.\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eChapter 1: Why Care About Database Security?\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart II: Oracle.\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eChapter 2: The Oracle Architecture.\u003c\/p\u003e \u003cp\u003eChapter 3: Attacking Oracle.\u003c\/p\u003e \u003cp\u003eChapter 4: Oracle: Moving Further into the Network.\u003c\/p\u003e \u003cp\u003eChapter 5: Securing Oracle.\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart III: DB2.\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eChapter 6: IBM DB2 Universal Database.\u003c\/p\u003e \u003cp\u003eChapter 7: DB2: Discovery, Attack, and Defense.\u003c\/p\u003e \u003cp\u003eChapter 8: Attacking DB2.\u003c\/p\u003e \u003cp\u003eChapter 9: Securing DB2.\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart IV: Informix.\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eChapter 10: The Informix Architecture.\u003c\/p\u003e \u003cp\u003eChapter 11: Informix: Discovery, Attack, and Defense.\u003c\/p\u003e \u003cp\u003eChapter 12: Securing Informix.\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart V: Sybase ASE.\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eChapter 13: Sybase Architecture.\u003c\/p\u003e \u003cp\u003eChapter 14: Sybase: Discovery, Attack, and Defense.\u003c\/p\u003e \u003cp\u003eChapter 15: Sybase: Moving Further into the Network.\u003c\/p\u003e \u003cp\u003eChapter 16: Securing Sybase.\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart VI: MySQL.\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eChapter 17: MySQL Architecture.\u003c\/p\u003e \u003cp\u003eChapter 18: MySQL: Discovery, Attack, and Defense.\u003c\/p\u003e \u003cp\u003eChapter 19: MySQL: Moving Further into the Network.\u003c\/p\u003e \u003cp\u003eChapter 20: Securing MySQL.\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart VII: SQL Server.\u003c\/b\u003e\u003c\/p\u003e 
\u003cp\u003eChapter 21: Microsoft SQL Server Architecture.\u003c\/p\u003e \u003cp\u003eChapter 22: SQL Server: Exploitation, Attack, and Defense.\u003c\/p\u003e \u003cp\u003eChapter 23: Securing SQL Server.\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart VIII: PostgreSQL.\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eChapter 24: The PostgreSQL Architecture.\u003c\/p\u003e \u003cp\u003eChapter 25: PostgreSQL: Discovery and Attack.\u003c\/p\u003e \u003cp\u003eChapter 26: Securing PostgreSQL.\u003c\/p\u003e \u003cp\u003eAppendix A: Example C Code for a Time-Delay SQL Injection Harness.\u003c\/p\u003e \u003cp\u003eAppendix B: Dangerous Extended Stored Procedures.\u003c\/p\u003e \u003cp\u003eAppendix C: Oracle Default Usernames and Passwords.\u003c\/p\u003e \u003cp\u003eIndex.\u003c\/p\u003e  \u003cb\u003eDavid Litchfield\u003c\/b\u003e specializes in searching for new threats to database systems and web applications and holds the unofficial world record for finding major security flaws. He has lectured to both British and U.S. government security agencies on database security and is a regular speaker at the Blackhat Security Briefings. He is a co-author of \u003ci\u003eThe Shellcoder’s Handbook\u003c\/i\u003e, \u003ci\u003eSQL Server Security,\u003c\/i\u003e and \u003ci\u003eSpecial Ops\u003c\/i\u003e. In his spare time he is the Managing Director of Next Generation Security Software Ltd.  \u003cp\u003e\u003cb\u003eChris Anley\u003c\/b\u003e is a co-author of \u003ci\u003eThe Shellcoder’s Handbook\u003c\/i\u003e, a best-selling book about security vulnerability research. He has published whitepapers and security advisories on a number of database systems, including SQL Server, Sybase, MySQL, DB2, and Oracle.\u003c\/p\u003e \u003cp\u003e\u003cb\u003eJohn Heasman\u003c\/b\u003e is a principal security consultant at NGS Software. 
He is a prolific security researcher and has published many security advisories relating to high-profile products such as Microsoft Windows, Real Player, Apple Quick-Time, and PostgreSQL.\u003c\/p\u003e \u003cp\u003e\u003cb\u003eBill Grindlay\u003c\/b\u003e is a senior security consultant and software engineer at NGS Software. He has worked on both the generalized vulnerability scanner Typhon III and the NGSSQuirreL family of database security scanners. He is a co-author of the database administrator’s guide, \u003ci\u003eSQL Server Security\u003c\/i\u003e.\u003c\/p\u003e \u003cp\u003e\u003cb\u003eNext Generation Security Software Ltd\u003c\/b\u003e is a UK-based company that develops a suite of database server vulnerability assessment tools, the NGSSQuirreL family. Founded in 2001, NGS Software’s consulting arm is the largest dedicated security team in Europe. All four authors of this book work for NGS Software.\u003c\/p\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47990203973861,"sku":"NP9780764578014","price":50.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9780764578014.jpg?v=1761786894","url":"https:\/\/k12savings.com\/products\/the-database-hackers-handbook-isbn-9780764578014","provider":"K12savings","version":"1.0","type":"link"}