Cargando…
Becoming the hacker : the playbook for getting inside the mind of an attacker /
Adrian Pruteanu adopts the mindset of both a defender and an attacker in this practical guide to web application testing. By giving key insights into attack vectors and defenses, Becoming the Hacker builds your ability to analyze from both viewpoints and create robust defense strategies.
| Clasificación: | Libro Electrónico |
|---|---|
| Autor principal: | |
| Formato: | Electrónico eBook |
| Idioma: | Inglés |
| Publicado: |
Birmingham :
Packt Publishing Ltd,
2019.
|
| Colección: | Expert insight.
|
| Temas: | |
| Acceso en línea: | Texto completo |
MARC
| LEADER | 00000cam a2200000 i 4500 | ||
|---|---|---|---|
| 001 | EBSCO_on1085235984 | ||
| 003 | OCoLC | ||
| 005 | 20231017213018.0 | ||
| 006 | m o d | ||
| 007 | cr cnu---unuuu | ||
| 008 | 190209s2019 enka ob 001 0 eng d | ||
| 040 | |a EBLCP |b eng |e rda |e pn |c EBLCP |d TEFOD |d N$T |d UKMGB |d UKAHL |d OCLCF |d OCLCQ |d K6U |d OCLCO |d OCLCQ |d OCLCO |d NZAUC |d OCLCQ | ||
| 015 | |a GBB965511 |2 bnb | ||
| 016 | 7 | |a 019253736 |2 Uk | |
| 020 | |a 1788623754 | ||
| 020 | |a 9781788623759 |q (electronic bk.) | ||
| 029 | 1 | |a AU@ |b 000065066379 | |
| 029 | 1 | |a UKMGB |b 019253736 | |
| 029 | 1 | |a AU@ |b 000065203524 | |
| 035 | |a (OCoLC)1085235984 | ||
| 037 | |a 2FFC0E64-7884-4146-9191-8D2C088FC14D |b OverDrive, Inc. |n http://www.overdrive.com | ||
| 050 | 4 | |a QA76.9.A25 | |
| 072 | 7 | |a COM |x 043050 |2 bisacsh | |
| 082 | 0 | 4 | |a 005.8 |2 23 |
| 049 | |a UAMI | ||
| 100 | 1 | |a Pruteanu, Adrian, |e author. | |
| 245 | 1 | 0 | |a Becoming the hacker : |b the playbook for getting inside the mind of an attacker / |c Adrian Pruteanu. |
| 264 | 1 | |a Birmingham : |b Packt Publishing Ltd, |c 2019. | |
| 300 | |a 1 online resource (405 pages) | ||
| 336 | |a text |b txt |2 rdacontent | ||
| 337 | |a computer |b c |2 rdamedia | ||
| 338 | |a online resource |b cr |2 rdacarrier | ||
| 490 | 1 | |a Expert insight | |
| 504 | |a Includes bibliographical references and index. | ||
| 588 | 0 | |a Online resource; title from PDF title page (EBSCO, April 3, 2019). | |
| 588 | 0 | |a Print version record. | |
| 505 | 0 | |a Cover; Copyright; Packt upsell; Contributors; Table of Contents; Preface; Chapter 1 -- Introduction to Attacking Web Applications; Rules of engagement; Communication; Privacy considerations; Cleaning up; The tester's toolkit; Kali Linux; Kali Linux alternatives; The attack proxy; Burp Suite; Zed Attack Proxy; Cloud infrastructure; Resources; Exercises; Summary; Chapter 2 -- Efficient Discovery; Types of assessments; Target mapping; Masscan; WhatWeb; Nikto; CMS scanners; Efficient brute-forcing; Content discovery; Burp Suite; OWASP ZAP; Gobuster; Persistent content discovery; Payload processing | |
| 505 | 8 | |a Polyglot payloadsSame payload, different context; Code obfuscation; Resources; Exercises; Summary; Chapter 3 -- Low-Hanging Fruit; Network assessment; Looking for a way in; Credential guessing; A better way to shell; Cleaning up; Resources; Summary; Chapter 4 -- Advanced Brute-forcing; Password spraying; LinkedIn scraping; Metadata; The cluster bomb; Behind seven proxies; Torify; Proxy cannon; Summary; Chapter 5 -- File Inclusion Attacks; RFI; LFI; File inclusion to remote code execution; More file upload issues; Summary; Chapter 6 -- Out-of-Band Exploitation; A common scenario | |
| 505 | 8 | |a Command and controlLet's Encrypt Communication; INet simulation; The confirmation; Async data exfiltration; Data inference; Summary; Chapter 7 -- Automated Testing; Extending Burp; Authentication and authorization abuse; The Autorize flow; The Swiss Army knife; sqlmap helper; Web shells; Obfuscating code; Burp Collaborator; Public Collaborator server; Service interaction; Burp Collaborator client; Private Collaborator server; Summary; Chapter 8 -- Bad Serialization; Abusing deserialization; Attacking custom protocols; Protocol analysis; Deserialization exploit; Summary | |
| 505 | 8 | |a Chapter 9 -- Practical Client-Side AttacksSOP; Cross-origin resource sharing; XSS; Reflected XSS; Persistent XSS; DOM-based XSS; CSRF; BeEF; Hooking; Social engineering attacks; The keylogger; Persistence; Automatic exploitation; Tunneling traffic; Summary; Chapter 10 -- Practical Server-Side Attacks; Internal and external references; XXE attacks; A billion laughs; Request forgery; The port scanner; Information leak; Blind XXE; Remote code execution; Interactive shells; Summary; Chapter 11 -- Attacking APIs; API communication protocols; SOAP; REST; API authentication; Basic authentication | |
| 505 | 8 | |a API keysBearer authentication; JWTs; JWT quirks; Burp JWT support; Postman; Installation; Upstream proxy; The environment; Collections; Collection Runner; Attack considerations; Summary; Chapter 12 -- Attacking CMS; Application assessment; WPScan; sqlmap; Droopescan; Arachni web scanner; Backdooring the code; Persistence; Credential exfiltration; Summary; Chapter 13 -- Breaking Containers; Vulnerable Docker scenario; Foothold; Situational awareness; Container breakout; Summary; Other Books You May Enjoy; Index | |
| 520 | |a Adrian Pruteanu adopts the mindset of both a defender and an attacker in this practical guide to web application testing. By giving key insights into attack vectors and defenses, Becoming the Hacker builds your ability to analyze from both viewpoints and create robust defense strategies. | ||
| 590 | |a eBooks on EBSCOhost |b EBSCO eBook Subscription Academic Collection - Worldwide | ||
| 650 | 0 | |a Penetration testing (Computer security) | |
| 650 | 0 | |a Computer security. | |
| 650 | 0 | |a Computers |x Access control. | |
| 650 | 0 | |a Computer networks |x Security measures. | |
| 650 | 0 | |a Hacking. | |
| 650 | 2 | |a Computer Security | |
| 650 | 6 | |a Tests d'intrusion. | |
| 650 | 6 | |a Sécurité informatique. | |
| 650 | 6 | |a Ordinateurs |x Accès |x Contrôle. | |
| 650 | 6 | |a Réseaux d'ordinateurs |x Sécurité |x Mesures. | |
| 650 | 6 | |a Piratage informatique. | |
| 650 | 7 | |a COMPUTERS |x Security |x Networking. |2 bisacsh | |
| 650 | 7 | |a Computer networks |x Security measures. |2 fast |0 (OCoLC)fst00872341 | |
| 650 | 7 | |a Computer security. |2 fast |0 (OCoLC)fst00872484 | |
| 650 | 7 | |a Computers |x Access control. |2 fast |0 (OCoLC)fst00872779 | |
| 650 | 7 | |a Hacking. |2 fast |0 (OCoLC)fst01909643 | |
| 650 | 7 | |a Penetration testing (Computer security) |2 fast |0 (OCoLC)fst01789566 | |
| 776 | 0 | 8 | |i Print version: |a Pruteanu, Adrian. |t Becoming the Hacker : The Playbook for Getting Inside the Mind of the Attacker. |d Birmingham : Packt Publishing Ltd, ©2019 |z 9781788627962 |
| 830 | 0 | |a Expert insight. | |
| 856 | 4 | 0 | |u https://ebsco.uam.elogim.com/login.aspx?direct=true&scope=site&db=nlebk&AN=2016348 |z Texto completo |
| 938 | |a Askews and Holts Library Services |b ASKH |n BDZ0039647794 | ||
| 938 | |a ProQuest Ebook Central |b EBLB |n EBL5667619 | ||
| 938 | |a EBSCOhost |b EBSC |n 2016348 | ||
| 994 | |a 92 |b IZTAP | ||