Skip to main content

Tấn công và Phòng thủ trong SQL Injection

What Is SQL Injection?
1-Introduction
2-Understanding How Web Applications Work.
3-A Simple Application Architecture
4-A More Complex Architecture
5-Understanding SQL Injection
6-High-Profile Examples
7-Understanding How It Happens
8-Dynamic String Building
9-Incorrectly Handled Escape Characters
10-Incorrectly Handled Types
11-Incorrectly Handled Query Assembly
12-Incorrectly Handled Errors
13-Incorrectly Handled Multiple Submissions
14-Insecure Database Configuration
15-Summary
16-Solutions Fast Track
17-Frequently Asked Questions


Testing for SQL Injection
1-Introduction
2-Finding SQL Injection
3-Testing by Inference
4-Identifying Data Entry
5-GET Requests
6-POST Requests
7-Other Injectable Data
8-Manipulating Parameters
9-Information Workf low
10-Database Errors
11-Commonly Displayed SQL Errors
12-Microsoft SQL Server Errors
13-MySQL Errors
14-Oracle Errors
15-Generic Errors
16-HTTP Code Errors
17-Different Response Sizes
18-Blind Injection Detection
19-Confirming SQL Injection
20-Differentiating Numbers and Strings
21-Inline SQL Injection
22-Injecting Strings Inline
23-Injecting Numeric Values Inline
24-Terminating SQL Injection
25-Database Comment Syntax
26-Using Comments
27-Executing Multiple Statements
28-Time Delays
29-Automating SQL Injection Discovery
30-Tools for Automatically Finding SQL Injection
31-HP WebInspect
32-IBM Rational AppScan
33-HP Scrawlr
34-SQLiX
35-Paros Proxy
36-Summary
37-Solutions Fast Track
38-Frequently Asked Questions


Reviewing Code for SQL Injection

1-Introduction
2-Reviewing Source Code for SQL Injection
3-Dangerous Coding Behaviors
4-Dangerous Functions
5-Following the Data
6-Following Data in PHP
7-Following Data in Java
8-Following Data in C#
9-Reviewing PL/SQL and T-SQL Code
10-Automated Source Code Review
11-Yet Another Source Code Analyzer
12-Pixy
13-AppCodeScan
14-LAPSE
15-Security Compass Web Application Analysis Tool (SWAAT)
16-Microsoft Source Code Analyzer for SQL Injection
17-Microsoft Code Analysis Tool .NET (CAT.NET)
18-Commercial Source Code Review Tools
19-Ounce
20-Source Code Analysis
21-CodeSecure
22-Summary
23-Solutions Fast Track
24-Frequently Asked Questions


Exploiting SQL Injection

1-Introduction
2-Understanding Common Exploit Techniques
3-Using Stacked Queries
4-Identifying the Database
5-Non-Blind Fingerprint
6-Banner Grabbing
7-Blind Fingerprint
8-Extracting Data through UNION Statements
9-Matching Columns
10-Matching Data Types
11-Using Conditional Statements
12-Approach 1: Time-based
13-Approach 2: Error-based
14-Approach 3: Content-based
15-Working with Strings
16-Extending the Attack
17-Using Errors for SQL Injection
18-Error Messages in Oracle
19-Enumerating the Database Schema
20-SQL Server
21-MySQL
22-Oracle
23-Escalating Privileges
24-SQL Server
25-Privilege Escalation on Unpatched Servers
26-Oracle
27-Stealing the Password Hashes
28-SQL Server
29-MySQL
30-Oracle
31-Oracle Components
32-APEX
33-Oracle Internet Directory
34-Out-of-Band Communication
35-E-mail
36-Microsoft SQL Server
37-Oracle
38-HTTP/DNS
39-File System
40-SQL Server
41-MySQL
42-Oracle
43-Automating SQL Injection Exploitation
44-Sqlmap
45-Sqlmap Example
46-Bobcat
47-BSQL
48-Other Tools
49-Summary
50-Solutions Fast Track
51-Frequently Asked Questions


Blind SQL Injection Exploitation


1-Introduction
2-Finding and Confirming Blind SQL Injection
3-Forcing Generic Errors
4-Injecting Queries with Side Effects
5-Spitting and Balancing
6-Common Blind SQL Injection Scenarios
7-Blind SQL Injection Techniques
8-Inference Techniques
9-Increasing the Complexity of Inference Techniques
10-Alternative Channel Techniques
11-Using Time-Based Techniques
12-Delaying Database Queries
13-MySQL Delays
14-Generic MySQL Bit-by-Bit Inference Exploits
15-SQL Server Delays
16-Generic SQL Server Binary Search Inference Exploits
17-Generic SQL Server Bit-by-Bit Inference Exploits
18-Oracle Delays
19-Time-Based Inference Considerations
20-Using Response-Based Techniques
21-MySQL Response Techniques
22-SQL Server Response Techniques
23-Oracle Response Techniques
24-Returning More Than One Bit of Information
25-Using Alternative Channels
26-Database Connections
27-DNS Exfiltration
28-E-mail Exfiltration
29-HTTP Exfiltration
30-Automating Blind SQL Injection Exploitation
31-Absinthe
32-BSQL Hacker
33-SQLBrute
34-Sqlninja
35-Squeeza
36-Summary
37-Solutions Fast Track
38-Frequently Asked Questions


Exploiting the Operating System

1-Introduction
2-Accessing the File System
3-Reading Files
4-MySQL
5-Microsoft SQL Server
6-Oracle
7-Writing Files
8-MySQL
9-Microsoft SQL Server
10-Oracle
11-Executing Operating System Commands
12-Direct Execution
13-Oracle
14-DBMS_SCHEDULER
15-PL/SQL Native
16-Other Possibilities
17-Alter System Set Events
18-PL/SQL Native 9i
19-Buffer Overflows
20-Custom Application Code
21-MySQL
22-Microsoft SQL Server
23-Consolidating Access
24-Summary
25-Solutions Fast Track
26-Frequently Asked Questions
27-Endnotes


Advanced Topics

1-Introduction
2-Evading Input Filters
3-Using Case Variation
4-Using SQL Comments
5-Using URL Encoding
6-Using Dynamic Query Execution
7-Using Null Bytes
8-Nesting Stripped Expressions
9-Exploiting Truncation
10-Bypassing Custom Filters
11-Using Non-Standard Entry Points
12-Exploiting Second-Order SQL Injection
13-Finding Second-Order Vulnerabilities
14-Using Hybrid Attacks
15-Leveraging Captured Data
16-Creating Cross-Site Scripting
17-Running Operating System Commands on Oracle
18-Exploiting Authenticated Vulnerabilities
19-Summary
20-Solutions Fast Track
21-Frequently Asked Questions

Code-Level Defenses

1-Introduction
2-Using Parameterized Statements
3-Parameterized Statements in Java
4-Parameterized Statements in .NET (C#)
5-Parameterized Statements in PHP
6-Parameterized Statements in PL/SQL
7-Validating Input
8-Whitelisting
9-Blacklisting
10-Validating Input in Java
11-Validating Input in .NET
12-Validating Input in PHP
13-Encoding Output
14-Encoding to the Database
15-Encoding for Oracle
16-Oracle dbms_asser
17-Encoding for Microsoft SQL Server
18-Encoding for MySQL
19-Canonicalization
20-Canonicalization Approache
21-Working with Unicode
22-Designing to Avoid the Dangers of SQL Injection
23-Using Stored Procedures
24-Using Abstraction Layers
25-Handling Sensitive Data
26-Avoiding Obvious Object Names
27-Setting Up Database Honeypots

Reference

1-Introduction
2-Structured Query Language (SQL) Primer
3-SQL Queries
4-SELECT Statement
5-UNION Operator
6-INSERT Statement
7-UPDATE Statement
8-DELETE Statement
9-DROP Statement
10-CREATE TABLE Statement
11-ALTER TABLE Statement
12-GROUP BY Statement
13-ORDER BY Clause
14-Limiting the Result Set
15-SQL Injection Quick Reference
16-Identifying the Database Platform
17-Identifying the Database Platform via Time Delay Inference
18-Identifying the Database Platform via SQL Dialect Inference
19-Combining Multiple Rows into a Single Row
20-Microsoft SQL Server Cheat Sheet.
21-Blind SQL Injection Functions: Microsoft SQL Server
22-Microsoft SQL Server Privilege Escalation
23-OPENROWSET Reauthentication Attack
24-Attacking the Database Server: Microsoft SQL Server
25-System Command Execution via xp_cmdshell
26-xp_cmdshell Alternative
27-Cracking Database Passwords
28-Microsoft SQL Server 2005 Hashes
29-File Read/Write
30-MySQL Cheat Sheet
31-Enumerating Database Configuration Information and Schema
32-Blind SQL Injection Functions: MySQL
33-Attacking the Database Server: MySQL
34-System Command Execution
35-Cracking Database Passwords
36-Attacking the Database Directly
37-File Read/Write
38-Oracle Cheat Sheet
39-Enumerating Database Configuration Information and Schema
40-Blind SQL Injection Functions: Oracle
41-Attacking the Database Server: Oracle
42-Command Execution
43-Reading Local Files
44-Reading Local Files (PL/SQL Injection Only)
45-Writing Local Files (PL/SQL Injection Only)
46-Cracking Database Passwords
47-Bypassing Input Validation Filters
48-Quote Filters
49-HTTP Encoding
50-Troubleshooting SQL Injection Attacks
51-SQL Injection on Other Platforms
52-PostgreSQL Cheat Sheet
53-Enumerating Database Configuration Information and Schema
54-Blind SQL Injection Functions: PostgreSQL
55-Attacking the Database Server: PostgreSQL
56-System Command Executio
57-Local File Access
58-Cracking Database Passwords
59-DB2 Cheat Sheet
60-Enumerating Database Configuration Information and Schema
61-Blind SQL Injection Functions: DB2
62-Informix Cheat Sheet
63-Enumerating Database Configuration Information and Schema
64-Blind SQL Injection Functions: Informix
65-Ingres Cheat Sheet
66-Enumerating Database Configuration Information and Schema
67-Blind SQL Injection Functions: Ingres
68-Microsoft Access
69-Resources
70-SQL Injection White Papers
71-SQL Injection Cheat Sheets
72-SQL Injection Exploit Tools
73-Password Cracking Tools
74-Solutions Fast Track

Download :
http://www.mediafire.com/?359ldesiai4154a

Share this with your friends
Loading...