The view from the top of IT with TechWorld Editor Rohan Pearce
Chris Anley is a co-author of The Shellcoder’s Handbook, a best-selling book about security vulnerability research. He has published whitepapers and security advisories on a number of database systems, including SQL Server, Sybase, MySQL, DB2, and Oracle.
John Heasman is a principal security consultant at NGS Software. He is a prolific security researcher and has published many security advisories relating to high-profile products such as Microsoft Windows, Real Player, Apple Quick-Time, and PostgreSQL.
Bill Grindlay is a senior security consultant and software engineer at NGS Software. He has worked on both the generalized vulnerability scanner Typhon III and the NGSSQuirreL family of database security scanners. He is a co-author of the database administrator’s guide, SQL Server Security.
Next Generation Security Software Ltd is a UK-based company that develops a suite of database server vulnerability assessment tools, the NGSSQuirreL family. Founded in 2001, NGS Software’s consulting arm is the largest dedicated security team in Europe. All four authors of this book work for NGS Software.
Part I: Introduction.
Chapter 1: Why Care About Database Security?
Part II: Oracle.
Chapter 2: The Oracle Architecture.
Chapter 3: Attacking Oracle.
Chapter 4: Oracle: Moving Further into the Network.
Chapter 5: Securing Oracle.
Part III: DB2.
Chapter 6: IBM DB2 Universal Database.
Chapter 7: DB2: Discovery, Attack, and Defense.
Chapter 8: Attacking DB2.
Chapter 9: Securing DB2.
Part IV: Informix.
Chapter 10: The Informix Architecture.
Chapter 11: Informix: Discovery, Attack, and Defense.
Chapter 12: Securing Informix.
Part V: Sybase ASE.
Chapter 13: Sybase Architecture.
Chapter 14: Sybase: Discovery, Attack, and Defense.
Chapter 15: Sybase: Moving Further into the Network.
Chapter 16: Securing Sybase.
Part VI: MySQL.
Chapter 17: MySQL Architecture.
Chapter 18: MySQL: Discovery, Attack, and Defense.
Chapter 19: MySQL: Moving Further into the Network.
Chapter 20: Securing MySQL.
Part VII: SQL Server.
Chapter 21: Microsoft SQL Server Architecture.
Chapter 22: SQL Server: Exploitation, Attack, and Defense.
Chapter 23: Securing SQL Server.
Part VIII: PostgreSQL.
Chapter 24: The PostgreSQL Architecture.
Chapter 25: PostgreSQL: Discovery and Attack.
Chapter 26: Securing PostgreSQL.
Appendix A: Example C Code for a Time-Delay SQL Injection Harness.
Appendix B: Dangerous Extended Stored Procedures.
Appendix C: Oracle Default Usernames and Passwords.