Robbed Series - SQL Injection 101

5 NEW STEPS IN CI/CD process: Techniques for detection - applicable for non/semi-technical managers

About the Book

The book focuses on software security, with a specific focus on SQL injection, which, if not taken care of, can lead to data breaches for the organization that can cause losses of millions of dollars. All types of SQL injection are thoroughly explained, with detailed code samples showing how it could potentially start with a developer's mistake and how the vulnerability would eventually present itself to the database. Easy and precise SQL injection detection techniques are presented which can be understood even by non-technical or semi-technical staff. The book also gives precise recommendations on how to overcome SQL injection in applications, which can thereby save millions of dollars and, most importantly, increase trust in the organization. The goal is to have EVERY individual in the organization who is responsible for any phase of the software development lifecycle be able to quickly and easily identify security issues, thereby making them easier to resolve.

About the Author

Phani Madhavi

Phani Madhavi is an Associate Director in a leading MNC and has two-plus decades of experience in developing computer/web applications. She is extremely passionate about building robust enterprise applications, with a specific focus on software security. She has received an Award of Excellence for her work. She has a thorough grasp of OWASP recommendations for web security. She has a thorough understanding of business processes and has suggested innovative solutions applicable at each stage of the web application development lifecycle. She has also managed large teams of ~250+ and has extensive exposure to guiding and training teams.

Table of Contents

  • Disclaimer
  • Introduction
  • 0 Why should you care?
    • 1 Importance & Risk to the Data:
  • 1 Data
    • 1.0 Data classification:
    • 1.0.1 Why Data classification?
    • 1.0.1 Legal implications/ compliance to regulations:
    • 1.1 Step 1: Data classification:
    • 1.2 Step 2: Security at the database server level:
  • 2 Database (SQL/NoSQL) Injection:
    • 2.1 Categories of SQL Injection
    • 2.2 In-band and Out-of-band attacks
    • 2.3 In-band Error based SQL Injection
    • 2.4 In-band Union Based SQL Injection
    • 2.5 Inferential SQL Injection - Boolean based SQL Injection
    • 2.6 Inferential SQL Injection - Time-based SQL injection - Potential DOS attack
    • 2.7 Out-of-band SQL Injection
    • 2.8 Second Order SQL Injection
    • 2.9 Prevention of SQL Injection
  • 3 SQL Injection Examples
    • 3.1 Insecure Query Example
    • 3.2 Output from Insecure Query from Hibernate
    • 3.3 How it goes to database
    • 3.4 Few points on display of SQL
    • 3.5 Dissecting the insecure query output:
    • 3.6 Secure Query - Named parameter query
    • 3.7 Output from Secure Named parameter Query from Hibernate
    • 3.8 How Secure Query - Named parameter query goes to database
    • 3.9 Dissecting the output of Secure Query - Named parameter query
    • 3.10 Few more secure query samples
    • 3.11 SecuredPositionalParameterQuery
    • 3.12 Output from SecuredPositionalParameterQuery from Hibernate
    • 3.13 SecureSqlQuery
    • 3.14 Output from SecureSqlQuery from Hibernate
    • 3.15 Deciphering presence of SQL Injection in medium/ complex queries
    • 3.16 Why Hibernate displays bind parameters separately
    • 3.17 Other Mechanisms to display SQL output
    • 3.18 Recommendation on when to display SQL output
    • 3.19 What else can cause SQL Injection and how to mitigate - Stored procedures and other database entities
    • 3.20 Other mechanisms to mitigate SQL Injection - WAF/NG Firewall
  • 4 Detection of SQL Injection
    • 4.1 Detection of SQL Injection by review
    • 4.2 Review of code By Developers, Architects
    • 4.3 By Non/Semi Technical Staff/Managers
    • 4.4 By DBAs
    • 4.5 Static code analysis tools
    • 4.6 Runtime Detection of SQL Injection
  • 5 Five new steps in CI/CD Process
    • 5.1 Review the code
    • 5.2 DB/Hibernate/P6Spy query output
    • 5.3 Analyze
    • 5.4 Store
    • 5.5 Repeat the steps - either manually or in an automated fashion for every release/during SDLC process
  • 6 Resources
    • 6.1 Google dorks / The Exploit Database
    • 6.2 Open Web Application Security Project (OWASP) cheatsheet series
    • 6.3 Open Web Application Security Project® (OWASP) ASVS
    • 6.4 Open Web Application Security Project® (OWASP) Juiceshop
