The Database Hacker's Handbook: Defending Database Servers

About the Authors

Preface

Acknowledgments

Introduction

Part I Introduction

Chapter 1 Why Care About Database Security?

Which Database Is the Most Secure?

The State of Database Security Research

Classes of Database Security Flaws

Unauthenticated Flaws in Network Protocols

Authenticated Flaws in Network Protocols

Flaws in Authentication Protocols

Unauthenticated Access to Functionality

Arbitrary Code Execution in Intrinsic SQL Elements

Arbitrary Code Execution in Securable SQL Elements

Privilege Elevation via SQL Injection

Local Privilege Elevation Issues

So What Does It All Mean?

Finding Flaws in Your Database Server

Don't Believe the Documentation

Implement Your Own Client

Debug the System to Understand How It Works

Identify Communication Protocols

Understand Arbitrary Code Execution Bugs

Write Your Own “Fuzzers”

Conclusion

Part II Oracle

Chapter 2 The Oracle Architecture

Examining the Oracle Architecture

Oracle Processes and Oracle on the Network

The Oracle TNS Listener

The Oracle RDBMS

The Oracle Intelligent Agent

Oracle Authentication and Authorization

Database Authentication

Authorization

Key System Privileges

EXECUTE ANY PROCEDURE

SELECT ANY DICTIONARY

GRANT ANY PRIVILEGE / ROLE / OBJECT PRIVILEGE

CREATE LIBRARY

Oracle Auditing

Chapter 3 Attacking Oracle

Scanning for Oracle Servers

Injecting into SELECT Statements

A Simple Example

Injecting Attacker-Defined Functions to Overcome Barriers

Doing More Than ...

Get The Database Hacker's Handbook: Defending Database Servers now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

The Database Hacker's Handbook: Defending Database Servers by David Litchfield, Chris Anley, John Heasman, Bill Grindlay

Contents

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly