This Short Cut introduces you to how SQL injection vulnerabilities work, what makes applications vulnerable, and how to protect them. It helps you find your vulnerabilities with analysis and testing tools and describes simple approaches for fixing them in the most popular web-programming languages.
This Short Cut also helps you protect your live applications by describing how to monitor for and block attacks before your data is stolen.
Hacking is an increasingly criminal enterprise, and web applications are an attractive path to identity theft. If the applications you build, manage, or guard are a path to sensitive data, you must protect your applications and their users from this growing threat.
Martin Nystrom is a senior security analyst with Cisco's Computer Security Incident Response Team (CSIRT), where he leads initiatives to improve monitoring and response in information security. Prior to joining Cisco's CSIRT, Martin was responsible for designing secure architectures for IT projects. Martin worked as an IT architect and a Java programmer for 12 years prior to becoming a security architect, with experience in the pharmaceutical and computer industries. Martin received a bachelor's degree from Iowa State University in 1990, a master's degree from NC State University in 2003, and his CISSP certification in 2004.
I was looking for something brief and convincing to share with managers and developers, and this is it. It's just the right balance of persuasion and technical information. So many of the resources that I found assumed the reader already understood why SQL injection is something to worry about, that could happen to YOU, and leapt directly into technical arcana. I am so grateful to have this to suggest to everyone at the next staff meeting. (Along with some request logs that clearly show someone probing for the vulnerability.)
Bottom line: Yes, I would recommend this to a friend.
For people who use databases for web applications, the threat of attacks is great no matter how small or large your database is. It doesn't matter what type of database you use either (SQL Server, Oracle, MySQL). As long as there are hackers out there, your data is at risk. This great guide gives an overview as well as practical examples for various DBMSs on the different types of SQL injection and how to prevent it from working within your server-side script (PHP, ASP.NET, Java) with filtering, or from within your DBMS using stored procedures or other techniques.
This is a great guide for the novice getting started in web development or the DBA who needs a quick reference to find specific information. Of course there are books out there with more detail, but you don't have to page through 1000+ page books or go searching for hours online. And for 9.99 it's worth every penny!
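The reviews above mention fixing injection with input filtering in the server-side script versus other techniques. The following is an added example (not code from the Short Cut, its author, or the reviewers) that shows the two failure modes a practitioner wants to see side by side: a string-concatenated login query that a quote-and-comment payload bypasses, and a "filter the quotes" defence that still fails in a numeric context where no quotes are needed. Both are contrasted with parameterized queries. The users table, the credentials, and the payloads are constructed sample data; the code uses Python's standard sqlite3 module, so it runs offline.

```python
import sqlite3


def setup_db():
    """Constructed sample data: an in-memory users table (not from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Vulnerable on purpose: attacker-controlled text is spliced into the SQL.
    # username = "alice' --" turns the rest of the WHERE clause into a comment,
    # so the password check never happens.
    sql = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    # Bound parameters are sent as data; the database never parses them as SQL.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def escape_quotes(value):
    # Naive "filtering" defence: doubling single quotes. This only helps when
    # the value lands inside a quoted string literal.
    return value.replace("'", "''")


def find_by_id_filtered(conn, user_id):
    # Numeric context: no quotes around %s, so quote escaping changes nothing
    # and "1 OR 1=1" is evaluated as SQL, returning every row.
    sql = "SELECT username FROM users WHERE id = %s" % escape_quotes(user_id)
    return [r[0] for r in conn.execute(sql).fetchall()]


def find_by_id_parameterized(conn, user_id):
    # Validate the type first, then bind. Anything that is not an integer is
    # rejected before it gets near the query.
    try:
        uid = int(user_id)
    except ValueError:
        return []
    rows = conn.execute(
        "SELECT username FROM users WHERE id = ?", (uid,)
    ).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = setup_db()
    print("vulnerable login with payload:", login_vulnerable(db, "alice' --", "wrong"))
    print("parameterized login with payload:", login_parameterized(db, "alice' --", "wrong"))
    print("quote-filtered numeric lookup:", find_by_id_filtered(db, "1 OR 1=1"))
    print("parameterized numeric lookup:", find_by_id_parameterized(db, "1 OR 1=1"))
```

The point of the second pair is the caveat behind the word "filtering": escaping quotes is context-dependent, while parameter binding (plus type validation for numeric inputs) works regardless of where the value lands in the statement.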