The Database Hacker's Handbook Book Review

Authors: David Litchfield, Chris Anley, John Heasman, Bill Grindlay
Publisher: Wiley
Published: 2005
Pages: 500

The Database Hackers Handbook Chapters
  1. Why Care About Database Security?
    • Which Database is the Most Secure
    • The State of Database Security Research
      • Classes of Database Security Flaws
        • Unauthenticated Flaws in Network Protocols
        • Authenticated Flaws in Network Protocols
        • Flaws in Authentication Protocols
        • Unauthenticated Access to Functionality
        • Arbitrary Code Execution in Intrinsic SQL Elements
        • Arbitrary Code Execution in Securable SQL Elements
        • Privilege Elevation via SQL Injection
        • Local Privilege Elevation Issues
    • So What Does it All Mean?
    • Finding Flaws in Your Database Server
      • Don't Believe Your Documentation
      • Implement Your Own Client
      • Debug the System to Understand How it Works
      • Identify Communication Protocols
      • Understand Arbitrary Code Execution Bugs
      • Write Your Own 'Fuzzers'
    • Conclusion
  2. The Oracle Architecture
    • Examining the Oracle Architecture
      • Oracle Processes and Oracle on the Network
        • The Oracle TNS Listener
    • The Oracle RDBMS
    • The Oracle Intelligent Agent
    • Oracle Authentication and Authorization
    • Database Authentication
      • Authorization
      • Key System Privileges
        • EXECUTE ANY PROCEDURE
        • SELECT ANY DICTIONARY
        • GRANT ANY PRIVILEGE / ROLE / OBJECT PRIVILEGE
        • CREATE LIBRARY
      • Oracle Auditing
  3. Attacking Oracle
    • Scanning for Oracle Servers
    • Oracle's PL/SQL
    • PL/SQL Injection
      • Injecting into SELECT Statements
    • Injecting into DELETE, INSERT, and UPDATE Statements
      • Injecting into INSERT Statements
      • Real-World Examples
    • Injecting into Anonymous PL/SQL Blocks
      • Real World Examples
    • Executing User-Supplied Queries with DBMS_SQL
    • Real-World Examples
      • PL/SQL Injection and Database Triggers
    • PL/SQL and Oracle Application Server
    • Summary
  4. Oracle: Moving Further into the Network
    • Running Operating System Commands
      • Running OS Commands with PL/SQL
      • Running OS Commands with DBMS_SCHEDULER
      • Running OS Commands with Java
    • Accessing the File System
      • Java and the File System
    • Accessing the Network
      • Database Links
    • PL/SQL and the Network
      • UTL_TCP
      • UTL_HTTP
      • UTL_SMTP
    • Summary
  5. Securing Oracle
    • Oracle Security Recommendations
      • Oracle TNS Listener
        • Set a TNS Listener Password
        • Turn on Admin Restrictions
        • Turn on TCP Valid Node Checking
        • Turn off XML Database
        • Turn off External Procedures
        • Encrypt Network Traffic
      • Oracle Database Server
        • Accounts
          • Lock and Expire Unused Accounts
          • New Account Creation
          • Password
        • Roles
          • New Role Creation
          • Roles for User Accounts
        • DBA Role
          • Auditing
          • PL/SQL Packages, Procedure and Functions
          • Triggers
          • Patching
          • Security Audits
          • New Database Installs
          • New Database Creation
  6. IBM DB2 Universal Database
    • Introduction
    • DB2 Deployment Scenarios
      • DB2 on the Network
        • Header
        • Commands
        • Datatypes
    • DB2 Processes
    • DB2 Physical Database Layout
      • DB2 on Windows
      • DB2 on Linux
    • DB2 Logical Database Layout
    • DB2 Authentication and Authorization
    • Authorization
      • The DBAUTH View
      • The TABAUTH View
      • The ROUTINEAUTH View
    • Summary
  7. DB2 Discovery, Attack and Defense
    • Finding DB2 on the Network
  8. Attacking DB2
    • Buffer Overflows in DB2 Procedures and Functions
    • DB2 Remote Command Server
    • Running Commands Through DB2
    • Gaining Access to the Filesystem Through DB2
    • Local Attacks Against DB2
    • Summary
  9. Securing DB2
    • Securing the Operating System
    • Securing the DB2 Network Interface
    • Securing the DBMS
    • Remove Unnecessary Components
    • And Finally ....
  10. The Informix Architecture
    • Examining the Informix Architecture
      • Informix on the Network
        • Connecting to a Remote Informix Server
      • The Informix Logical Layout
        • Understanding Authentication and Authorization
          • Connect
          • Resource
          • DBA
          • Object Privileges
          • Privileges and Creating Procedures
    • The Informix Logical Layout
  11. Informix: Discovery, Attack and Defense
    • Attacking and Defending Informix
      • Post Authentication Attacks
      • Shared Memory, Usernames and Password
    • Attacking Informix with Stored Procedural Language (SPL)
      • Running Arbitrary Commands with SPL
      • Loading Arbitrary Libraries
      • Reading and Writing Arbitrary Files on the Server
    • SQL Buffer Overflows in Informix
      • Local Attacks Against Informix Running on Unix Platforms
    • Summary
  12. Securing Informix
    • Keep the Server Patched
    • Encrypt Network Traffic
    • Revoke the Connect Privilege from Public
    • Enable Auditing
    • Revoke Public Permissions on File Access Routines
    • Revoke Public Execute Permissions on Module Routines
    • Preventing Shared Memory from Being Dumped
    • Preventing Local Attacks on Unix-Based Servers
    • Restrict Language Usage
    • Useful Documents
  13. Sybase Architecture
  14. Sybase: Discovery, Attack and Defense
  15. Sybase: Moving Further into the Network
  16. Securing Sybase
  17. MySQL Architecture
  18. MySQL: Discovery, Attack and Defense
  19. MySQL: Moving Further into the Network
  20. Securing MySQL
  21. Microsoft SQL Server Architecture
  22. SQL Server: Exploitation, Attack and Defense
  23. Securing SQL Server
  24. PostgreSQL Architecture
  25. PostgreSQL: Discovery and Attack
  26. Securing PostgreSQL
The Database Hackers Handbook Appendices
  1. Example C Code for a Time-Delay SQL Injection Harness
  2. Dangerous Extended Stored Procedures
  3. Oracle Default Usernames and Passwords
  4. Index
