The Database Hacker's Handbook: Defending Database Servers at Dominant Systems Book Store

Databases are the nerve center of our economy. Every piece of your personal information is stored there-medical records, bank accounts, employment history, pensions, car registrations, even your children's grades and what groceries you buy. Database attacks are potentially crippling-and relentless.

In this essential follow-up to The Shellcoder's Handbook, four of the world's top security experts teach you to break into and defend the seven most popular database servers. You'll learn how to identify vulnerabilities, how attacks are carried out, and how to stop the carnage. The bad guys already know all this. You need to know it too.
* Identify and plug the new holes in Oracle and Microsoft(r) SQL Server
* Learn the best defenses for IBM's DB2(r), PostgreSQL, Sybase ASE, and MySQL(r) servers
* Discover how buffer overflow exploitation, privilege escalation through SQL, stored procedure or trigger abuse, and SQL injection enable hacker access
* Recognize vulnerabilities peculiar to each database
* Find out what the attackers already know

Go to www.wiley.com/go/dbhackershandbook for code samples, security alerts , and programs available for download.

Customer Reviews & Comments
Here is a book in which you will probably only be interested in 1/7 of the pages. That means that instead of reading 528 pages you only need to read about 70. But, you may really, really need that 70 pages. The reason for this is that the book covers seven of the most common databases: IBM DB2, Oracle, MySQL, PostGreSQL, SQL Server, SyBase, Informix. These programs are so different that what applies to one does not generally apply to the others. Each section of the book covers one of the databases. It usually begins with some history of both the database and attacks on it. For instance the Slammer worm compromised more than 75,000 SQL Server databases within ten minutes of its release in January 2003. After that there is a discussion on the database, its architecture, how it handles things like authentication and so on. Finally it goes into how to defend the database against attack. This includes information on how to remove unncecessary features and services that might serve as gateways to attacks, and talks about how to use the databases own internal security systems to their maximum effectiveness. As I said, you really need the 70 or so pages that refer to your own database. PS - What's the most secure database - PostGreSQL, and it goes into why.

Back To Top