The Database Hacker's Handbook: Defending Database Servers


By: David Litchfield, Chris Anley, John Heasman, Bill Grindlay
Publisher: Wiley (July 14,2005)
ISBN: 0764578014





Databases are the nerve center of our economy. Every piece of your personal information is stored there—medical records, bank accounts, employment history, pensions, car registrations, even your children's grades and what groceries you buy. Database attacks are potentially crippling—and relentless.

In this essential follow-up to The Shellcoder's Handbook, four of the world's top security experts teach you to break into and defend the seven most popular database servers. You'll learn how to identify vulnerabilities, how attacks are carried out, and how to stop the carnage. The bad guys already know all this. You need to know it too.

- Identify and plug the new holes in Oracle and Microsoft SQL Server
- Learn the best defenses for IBM's DB2, PostgreSQL, Sybase ASE, and MySQL servers
- Discover how buffer overflow exploitation, privilege escalation through SQL, stored procedure or trigger abuse, and SQL injection enable hacker access
- Recognize vulnerabilities peculiar to each database
- Find out what the attackers already know


Source Code files from the book are included

Security 5 is an entry level program for anyone interested in learning computer security fundamentals. The Security 5 program gives individuals basic security literacy skills to protect themselves from the daily threats of the Internet. It is an ideal program for knowledge workers and anyone wanting to gain working knowledge of networking and computer security.

Hackers Beware: Defending Your Network from the Wily Hacker


By: Eric Cole
Publisher: New Riders Publishing
ISBN: 0735710090





In Hackers Beware, Eric Cole succeeds in explaining how hackers break into computers, steal information, and deny services to machines' legitimate users. An intended side effect of his documentary efforts is a feeling for how network-connected computers should be configured for maximum resistance to attack. Cole, who works with the attack-monitoring SANS Institute as an instructor and security consultant, conveys to his readers specific knowledge of offensive and defensive weaponry as well as general familiarity with attack strategies and good security practices. Hackers Beware is a good primer and really earns its price by going into enough detail to enable readers to actually do something to make their resources safer. It also enables its readers to understand more specialized security texts, including Stephen Northcutt's fine Intrusion Signatures and Analysis.

Cole's didactic style is largely conversational, embracing the fact that most computer exploits can be conveyed as stories about what hackers want and the steps they take to achieve their goals. He punctuates his prose passages with line drawings that clarify what gets passed among the machines involved in an attack, and pauses frequently to show programs' user interfaces and passages from their logs. Cole explains all the jargon he uses-a characteristic that alone distinguishes this book from many of its competitors.

Topics covered: What motivates black-hat hackers, and the technical means they use to go about satisfying their ambitions. General attack strategies--spoofing, password cracking, social engineering, and buffer overflows, among others-are explained, and the tools used to carry them out are catalogued. The same goes for defensive tools and practices.