
The Database Hacker's Handbook: Defending Database Servers (English) Paperback – 15 July 2005


Product description

Publisher's description

Databases are the nerve center of our economy. Every piece of your personal information is stored there – medical records, bank accounts, employment history, pensions, car registrations, even your children's grades and what groceries you buy. Database attacks are potentially crippling – and relentless.

In this essential follow-up to The Shellcoder's Handbook, four of the world's top security experts teach you to break into and defend the seven most popular database servers. You'll learn how to identify vulnerabilities, how attacks are carried out, and how to stop the carnage. The bad guys already know all this. You need to know it too.

  • Identify and plug the new holes in Oracle and Microsoft® SQL Server
  • Learn the best defenses for IBM's DB2®, PostgreSQL, Sybase ASE, and MySQL® servers
  • Discover how buffer overflow exploitation, privilege escalation through SQL, stored procedure or trigger abuse, and SQL injection enable hacker access
  • Recognize vulnerabilities peculiar to each database
  • Find out what the attackers already know

Go to www.wiley.com/go/dbhackershandbook for code samples, security alerts, and programs available for download.


Most helpful customer reviews on Amazon.com (beta)

Amazon.com: 9 reviews
23 of 24 people found this review helpful
You Really Need the 70 Pages on Your Database (14 July 2005)
By John Matlock - Published on Amazon.com
Format: Paperback
Here is a book in which you will probably only be interested in 1/7 of the pages. That means that instead of reading 528 pages you only need to read about 70. But, you may really, really need those 70 pages. The reason for this is that the book covers seven of the most common databases: IBM DB2, Oracle, MySQL, PostgreSQL, SQL Server, Sybase, Informix. These programs are so different that what applies to one does not generally apply to the others.

Each section of the book covers one of the databases. It usually begins with some history of both the database and attacks on it. For instance the Slammer worm compromised more than 75,000 SQL Server databases within ten minutes of its release in January 2003.

After that there is a discussion on the database, its architecture, how it handles things like authentication and so on.

Finally it goes into how to defend the database against attack. This includes information on how to remove unnecessary features and services that might serve as gateways to attacks, and talks about how to use the database's own internal security systems to their maximum effectiveness.

As I said, you really need the 70 or so pages that refer to your own database.

PS - What's the most secure database - PostgreSQL, and it goes into why.

6 of 6 people found this review helpful
Important Book For Database and Security Admins (20 November 2005)
By sixmonkeyjungle - Published on Amazon.com
Format: Paperback
David Litchfield is arguably the foremost expert and evangelist when it comes to database security. He, and his team of compatriots from Next Generation Security Software, have written a book that any database or security administrator should be familiar with.

Even if some of the attacks or exploits described in the book were previously obscure or unknown, the fact that they have been outlined in this book means that administrators need to know about them and defend against them before the "bad guys" read this book and take advantage of them.

One of the best aspects of this book is the way it is organized. Splitting the book into sections devoted to specific database systems makes it exceptionally simple and convenient to use. If you only use MySQL, you can skip all of the information regarding Oracle or Microsoft SQL Server, and just focus on the section of the book that applies to you.

Within each section, the authors provide a tremendous wealth of knowledge. Aside from describing weaknesses, potential exploits and protective measures to defend against them, they also look at the general architecture and the methods of authentication used by the database.

Any database admin should have a copy of this on their desk.

8 of 9 people found this review helpful
Attacking Database Servers (25 July 2005)
By Tatjana Injac - Published on Amazon.com
Format: Paperback, Verified purchase
This review is only for the Oracle parts of the book.

The most interesting chapter is "Attacking Oracle". These guys give the phrase "thinking outside of the box" real meaning. They look for a feature or bug open to security attack, then they shake it until it breaks. You will see exploits of AUTHID, PL/SQL injections, app. server, dbms_sql.parse bug, ... most of them relevant to 9i and 10g versions.

The hacks are mainly in the sections called "Real-World Examples". Most of the exploits are already patched by Oracle and they are also available on hacking forums, but there were some new ones that were quite a revelation.

The security recommendations in the "Securing Oracle" chapter were too general, you can probably find Internet white papers on hardening Oracle that give more details. But, this book is not really about hardening Oracle, even if it says "Defending Database Servers" with small, blue letters on the front cover. This book is about attacking database servers.

I have seen David Litchfield's previous work and I am sure he knows (and has tried) more than what is written here. Can we expect to see that in "The Hacker's Handbook" part II?

10 of 12 people found this review helpful
Coverage of many databases, but not as coherent as it should be (6 May 2006)
By Richard Bejtlich - Published on Amazon.com
Format: Paperback
The Database Hacker's Handbook (TDHH) is unique for two reasons. First, it is written by experts who spend their lives breaking database systems. Their depth of knowledge is unparalleled. Second, TDHH addresses security for Oracle, IBM DB2, IBM Informix, Sybase ASE, MySQL, Microsoft SQL Server, and PostgreSQL. No other database security book discusses as many products. For this reason, TDHH merits four stars. If a second edition of the book addresses some of my later suggestions, five stars should be easy to achieve.

The first issue I would like to see addressed in a second edition of TDHH is the removal of the 60 pages of C code scattered throughout the book. The code is already provided on the publisher's Web site, and its appearance in a 500 page book adds little. The three pages of characters (that's the best way to describe it) on pages 313-315 in Ch 19 are really beyond what any person should be expected to type.

The second issue involves general presentation. Many chapters end abruptly with no conclusion or summary. Several times I thought "Is that it?" Chapters 2, 5, 7, 10, 13, 15, 18, 21 and 22 all end suddenly. The editor should have told the authors to end those chapters with summaries, as appear in other chapters. On a related note, some of the "chapters" are exceptionally short; Ch 9 and 12 are each 3 pages, for example. Chapters that short are an indication the book is not organized well.

The final issue involves discussion of various databases. I preferred the "Hacking Exposed" style of the 2003 book SQL Server Security, which included Dave Litchfield and Bill Grindlay as co-authors. That book spent more time introducing the fundamentals of database functions before explaining how to break them. For example, more background on PL/SQL would be helpful. With 60 pages of code removed, that leaves plenty of room for such discussion in the second edition.

On the positive side, I thought TDHH started strong with Ch 1. The Oracle security advice was very strong. I thought the time delay tactic for extracting bit-by-bit information from the database was also exceptionally clever.

Although I have not read it, I believe Implementing Database Security and Auditing by Ron Ben Natan might be a good complement to TDHH. Natan's book appears to take a functional approach, whereas TDHH takes a product-specific approach. The drawback of the product-centric approach is repetition of general security advice, such as enabling encryption, disabling default accounts, etc.

At the end of the day TDHH is still a revealing and powerful book. Anyone responsible for database security should refer to the sections of the book covering their database. I also recommend keeping an eye on the Next Generation Security Software Web site for the latest on database security issues. You should also see the authors speak at security conferences whenever possible.

Good theoretical work, but needs update (12 June 2015)
By Phil and Deb L-S - Published on Amazon.com
Format: Paperback, Verified purchase
This book is now ten years old, and it's kind of frightening that it seems to be the most up-to-date work on the field of database hacking. Good sections about the seven largest databases (who mostly still own the field, all this time later). I'm working my way through the section on DB2, as that's my specialty.

I'm quite concerned that significant new threats have probably arisen in the ten years since the book's publication, and I'd love to hear that a new edition is planned; but the theoretical background and classification of threats is as valid as ever.

One significant lack here -- no discussion of security for mainframe databases (DB2 for z/OS, IMS, CA-IDMS, and presumably others), which hold a significant portion of the world's financial data.