SQL Injection Attacks and Defense, First Edition: Winner of the Best Book Bejtlich Read Award "SQL injection is probably the number one problem for any server-side application, and this book unequaled in its coverage." –Richard Bejtlich, Tao Security blog SQL injection represents one of the most dangerous and well-known, yet misunderstood, security vulnerabilities on the Internet, largely because there is no central repository of information available for penetration testers, IT security consultants and practitioners, and web/software developers to turn to for help. SQL Injection Attacks and Defense, Second Edition is the only book devoted exclusively to this long-established but recently growing threat. This is the definitive resource for understanding, finding, exploiting, and defending against this increasingly popular and particularly destructive type of Internet-based attack. SQL Injection Attacks and Defense, Second Edition includes all the currently known information about these attacks and significant insight from its team of SQL injection experts, who tell you about: Understanding SQL Injection – Understand what it is and how it works Find, confirm and automate SQL injection discovery Tips and tricks for finding SQL injection within code Create exploits for using SQL injection Design apps to avoid the dangers these attacks SQL injection on different databases SQL injection on different technologies SQL injection testing techniques Case Studies Securing SQL Server, Second Edition is the only book to provide a complete understanding of SQL injection, from the basics of vulnerability to discovery, exploitation, prevention, and mitigation measures Covers unique, publicly unavailable information, by technical experts in such areas as Oracle, Microsoft SQL Server, and MySQL---including new developments for Microsoft SQL Server 2012 (Denali) Written by an established expert, author, and speaker in the field, with contributions from a team of equally renowned creators of SQL injection tools, applications, and educational materials

Updated for the latest database management systems -- including MySQL 6.0, Oracle 11g, and Microsoft's SQL Server 2008 -- this introductory guide will get you up and running with SQL quickly. Whether you need to write database applications, perform administrative tasks, or generate reports, Learning SQL, Second Edition, will help you easily master all the SQL fundamentals. Each chapter presents a self-contained lesson on a key SQL concept or technique, with numerous illustrations and annotated examples. Exercises at the end of each chapter let you practice the skills you learn. With this book, you will: Move quickly through SQL basics and learn several advanced features Use SQL data statements to generate, manipulate, and retrieve data Create database objects, such as tables, indexes, and constraints, using SQL schema statements Learn how data sets interact with queries, and understand the importance of subqueries Convert and manipulate data with SQL's built-in functions, and use conditional logic in data statements Knowledge of SQL is a must for interacting with data. With Learning SQL, you'll quickly learn how to put the power and flexibility of this language to work.

For programmers, analysts, and database administrators, SQL in a Nutshell is the essential reference for the SQL language used in today's most popular database products. This new edition clearly documents every SQL command according to the latest ANSI standard, and details how those commands are implemented in Microsoft SQL Server 2008, Oracle 11g, and the MySQL 5.1 and PostgreSQL 8.3 open source database products. You'll also get a concise overview of the Relational Database Management System (RDBMS) model, and a clear-cut explanation of foundational RDBMS concepts -- all packed into a succinct, comprehensive, and easy-to-use format. This book provides: Background on the Relational Database Model, including current and previous SQL standards Fundamental concepts necessary for understanding relational databases and SQL commands An alphabetical command reference to SQL statements, according to the SQL2003 ANSI standard The implementation of each command by MySQL, Oracle, PostgreSQL, and SQL Server An alphabetical reference of the ANSI SQL2003 functions, as well as the vendor implementations Platform-specific functions unique to each implementation Beginning where vendor documentation ends, SQL in a Nutshell distills the experiences of professional database administrators and developers who have used SQL variants to support complex enterprise applications. Whether SQL is new to you, or you've been using SQL since its earliest days, you'll get lots of new tips and techniques in this book.

is a handbook of practical solutions for busy database professionals charged with managing an organization's critically important data. Covering today's most popular and widely installed database environments, this book is an indispensable resource for managing and tuning SQL across multiple platforms. SQL Performance Tuning Packed with tips, techniques, and best practices, this hands-on guide covers SQL commands and queries over a wide range of conditions and environments. Every facet of the SQL environment is covered, from concurrency control to optimization—and every issue in between. The book includes an overview of each of the most widely used database management systems (DBMS) and provides tuning tips for common day-to-day situations. Topics covered include: General and specific tuning General sort considerations and options Joins and subqueries Columns and tables Indexes, including B-trees and bitmaps Constraints and stored procedures ODBC and JDBC Data changes and concurrency control (locking) Clients, servers, and middleware Whether you are a programmer, consultant, or user, you will find SQL Performance Tuning an indispensable guide to optimizing SQL performance across today's popular database environments. Throughout , ideas and techniques are tested on a variety of popular SQL environments, including IBM DB2, Informix, Ingres, InterBase, Microsoft SQL Server, MySQL, Oracle, and Sybase ASE. The book's practical examples are written in ANSI/ISO Standard SQL: 1999. SQL Performance Tuning