Robbed Series - SQL Injection 101
5 NEW STEPS IN CI/CD process: Techniques for detection - applicable for non/semi-technical managers
About the Book
The book focuses on software security, with a specific focus on SQL injection, which, if not taken care of, can lead to data breaches that cost the organization millions of dollars. All types of SQL injection are thoroughly explained, with detailed code samples showing how a vulnerability can start with a developer's mistake and how it eventually presents itself to the database. Easy and precise SQL injection detection techniques are presented which can be understood even by non-technical or semi-technical staff. The book also gives precise recommendations on how to overcome SQL injection in applications, which can save millions of dollars and, most importantly, increase trust in the organization. The goal is to have EVERY individual in the organization who is responsible for any phase of the software development lifecycle be able to quickly and easily identify security issues, thereby making them easier to resolve.
0 Why should you care?
- 1 Importance & Risk to the Data:
- 1.0 Data classification:
- 1.0.1 Why Data classification?
- 1.0.1 Legal implications/ compliance to regulations:
- 1.1 Step 1: Data classification:
- 1.2 Step 2: Security at the database server level:
2 Database (SQL/NoSQL) Injection:
- 2.1 Categories of SQL Injection
- 2.2 In-band and Out-of-band attacks
- 2.3 In-band Error based SQL Injection
- 2.4 In-band Union Based SQL Injection
- 2.5 Inferential SQL Injection - Boolean based SQL Injection
- 2.6 Inferential SQL Injection - Time-based SQL injection - Potential DOS attack
- 2.7 Out-of-band SQL Injection
- 2.8 Second Order SQL Injection
- 2.9 Prevention of SQL Injection
3 SQL Injection Examples
- 3.1 Insecure Query Example
- 3.2 Output from Insecure Query from Hibernate
- 3.3 How it goes to database
- 3.4 Few points on display of SQL
- 3.5 Dissecting the insecure query output:
- 3.6 Secure Query - Named parameter query
- 3.7 Output from Secure Named parameter Query from Hibernate
- 3.8 How Secure Query - Named parameter query goes to database
- 3.9 Dissecting the output of Secure Query - Named parameter query
- 3.10 Few more secure query samples
- 3.11 SecuredPositionalParameterQuery
- 3.12 Output from SecuredPositionalParameterQuery from Hibernate
- 3.13 SecureSqlQuery
- 3.14 Output from SecureSqlQuery from Hibernate
- 3.15 Deciphering presence of SQL Injection in medium/ complex queries
- 3.16 Why Hibernate displays bind parameters separately
- 3.17 Other Mechanisms to display SQL output
- 3.18 Recommendation on when to display SQL output
- 3.19 What else can cause SQL Injection and how to mitigate - Stored procedures and other database entities
- 3.20 Other mechanisms to mitigate SQL Injection - WAF/NG Firewall
4 Detection of SQL Injection
- 4.1 Detection of SQL Injection by review
- 4.2 Review of code By Developers, Architects
- 4.3 By Non/Semi Technical Staff/Managers
- 4.4 By DBAs
- 4.5 Static code analysis tools
- 4.6 Runtime Detection of SQL Injection
5 Five new steps in CI/CD Process
- 5.1 Review the code
- 5.2 DB/Hibernate/P6Spy query output
- 5.3 Analyze
- 5.4 Store
- 5.5 Repeat the steps - either manually or in an automated fashion for every release/during SDLC process
- 6.1 Google dorks / The Exploit Database
- 6.2 Open Web Application Security Project (OWASP) cheatsheet series
- 6.3 Open Web Application Security Project® (OWASP) ASVS
- 6.4 Open Web Application Security Project® (OWASP) Juiceshop