|
LEADER |
00000cam a22000008i 4500 |
001 |
OR_on1081338218 |
003 |
OCoLC |
005 |
20231017213018.0 |
006 |
m o d |
007 |
cr ||||||||||| |
008 |
190103s2019 cau ob 000 0 eng |
010 |
|
|
|a 2019000034
|
040 |
|
|
|a DLC
|b eng
|e rda
|e pn
|c DLC
|d OCLCO
|d OCLCF
|d RECBK
|d UMI
|d EBLCP
|d N$T
|d OCLCQ
|d COO
|d OCLCQ
|d OTZ
|d AU@
|d YDX
|d OCLCQ
|d OCLCO
|d OCLCQ
|d OCLCO
|
019 |
|
|
|a 1108874743
|a 1114319634
|a 1119128053
|a 1131754210
|a 1162515331
|
020 |
|
|
|a 1593278624
|q (epub)
|
020 |
|
|
|a 9781593278625
|q (electronic bk.)
|
020 |
|
|
|z 9781593278618
|q (paperback)
|
020 |
|
|
|z 1593278616
|
024 |
8 |
|
|a 9781098122508
|
029 |
1 |
|
|a AU@
|b 000066006813
|
029 |
1 |
|
|a AU@
|b 000066233357
|
029 |
1 |
|
|a CHNEW
|b 001063933
|
029 |
1 |
|
|a CHVBK
|b 575145064
|
029 |
1 |
|
|a AU@
|b 000067968302
|
035 |
|
|
|a (OCoLC)1081338218
|z (OCoLC)1108874743
|z (OCoLC)1114319634
|z (OCoLC)1119128053
|z (OCoLC)1131754210
|z (OCoLC)1162515331
|
037 |
|
|
|a CL0501000060
|b Safari Books Online
|
042 |
|
|
|a pcc
|
050 |
1 |
0 |
|a QA76.9.D43
|
082 |
0 |
0 |
|a 004.2/4
|2 23
|
084 |
|
|
|a COM015000
|a COM053000
|a COM043050
|2 bisacsh
|
049 |
|
|
|a UAMI
|
100 |
1 |
|
|a Yaworski, Peter,
|e author.
|
245 |
1 |
0 |
|a Real-world bug hunting :
|b a field guide to web hacking /
|c Peter Yaworski.
|
263 |
|
|
|a 1903
|
264 |
|
1 |
|a San Francisco :
|b No Starch Press,
|c 2019.
|
300 |
|
|
|a 1 online resource
|
336 |
|
|
|a text
|b txt
|2 rdacontent
|
337 |
|
|
|a computer
|b n
|2 rdamedia
|
338 |
|
|
|a online resource
|b nc
|2 rdacarrier
|
347 |
|
|
|a text file
|
504 |
|
|
|a Includes bibliographical references.
|
520 |
|
|
|a "Uses real-world bug reports (vulnerabilities in software or in this case web applications) to teach programmers and InfoSec professionals how to discover and protect vulnerabilities in web applications. Real-World Bug Hunting is a field guide to finding software bugs. Ethical hacker Peter Yaworski breaks down common types of bugs, then contextualizes them with real bug bounty reports released by hackers on companies like Twitter, Facebook, Google, Uber, and Starbucks. As you read each report, you'll gain deeper insight into how the vulnerabilities work and how you might find similar ones. Each chapter begins with an explanation of a vulnerability type, then moves into a series of real bug bounty reports that show how the bugs were found. You'll learn things like how Cross-Site Request Forgery tricks users into unknowingly submitting information to websites they are logged into; how to pass along unsafe JavaScript to execute Cross-Site Scripting; how to access another user's data via Insecure Direct Object References; how to trick websites into disclosing information with Server Side Request Forgeries; and how bugs in application logic can lead to pretty serious vulnerabilities. Yaworski also shares advice on how to write effective vulnerability reports and develop relationships with bug bounty programs, as well as recommends hacking tools that can make the job a little easier"--
|c Provided by publisher.
|
588 |
0 |
|
|a Print version record and CIP data provided by publisher; resource not viewed.
|
505 |
0 |
|
|a Intro; Brief Contents; Contents in Detail; Foreword; Acknowledgments; Introduction; Who Should Read This Book; How to Read This Book; What's in This Book; A Disclaimer About Hacking; Chapter 1: Bug Bounty Basics; Vulnerabilities and Bug Bounties; Client and Server; What Happens When You Visit a Website; Step 1: Extracting the Domain Name; Step 2: Resolving an IP Address; Step 3: Establishing a TCP Connection; Step 4: Sending an HTTP Request; Step 5: Server Response; Step 6: Rendering the Response; HTTP Requests; Request Methods; HTTP Is Stateless; Summary; Chapter 2: Open Redirect
|
505 |
8 |
|
|a How Open Redirects Work; Shopify Theme Install Open Redirect; Takeaways; Shopify Login Open Redirect; Takeaways; HackerOne Interstitial Redirect; Takeaways; Summary; Chapter 3: HTTP Parameter Pollution; Server-Side HPP; Client-Side HPP; HackerOne Social Sharing Buttons; Takeaways; Twitter Unsubscribe Notifications; Takeaways; Twitter Web Intents; Takeaways; Summary; Chapter 4: Cross-Site Request Forgery; Authentication; CSRF with GET Requests; CSRF with POST Requests; Defenses Against CSRF Attacks; Shopify Twitter Disconnect; Takeaways; Change Users Instacart Zones; Takeaways
|
505 |
8 |
|
|a Badoo Full Account Takeover; Takeaways; Summary; Chapter 5: HTML Injection and Content Spoofing; Coinbase Comment Injection Through Character Encoding; Takeaways; HackerOne Unintended HTML Inclusion; Takeaways; HackerOne Unintended HTML Include Fix Bypass; Takeaways; Within Security Content Spoofing; Takeaways; Summary; Chapter 6: Carriage Return Line Feed Injection; HTTP Request Smuggling; v. shopify.com Response Splitting; Takeaways; Twitter HTTP Response Splitting; Takeaways; Summary; Chapter 7: Cross-Site Scripting; Types of XSS; Shopify Wholesale; Takeaways; Shopify Currency Formatting
|
505 |
8 |
|
|a Takeaways; Yahoo! Mail Stored XSS; Takeaways; Google Image Search; Takeaways; Google Tag Manager Stored XSS; Takeaways; United Airlines XSS; Takeaways; Summary; Chapter 8: Template Injections; Server-Side Template Injections; Client-Side Template Injections; Uber AngularJS Template Injection; Takeaways; Uber Flask Jinja2 Template Injection; Takeaways; Rails Dynamic Render; Takeaways; Unikrn Smarty Template Injection; Takeaways; Summary; Chapter 9: SQL Injection; SQL Databases; Countermeasures Against SQLi; Yahoo! Sports Blind SQLi; Takeaways; Uber Blind SQLi; Takeaways; Drupal SQLi; Takeaways
|
542 |
|
|
|f Copyright © No Starch Press
|
590 |
|
|
|a O'Reilly
|b O'Reilly Online Learning: Academic/Public Library Edition
|
650 |
|
0 |
|a Debugging in computer science.
|
650 |
|
0 |
|a Penetration testing (Computer security)
|
650 |
|
0 |
|a Web sites
|x Testing.
|
650 |
|
6 |
|a Débogage.
|
650 |
|
6 |
|a Tests d'intrusion.
|
650 |
|
7 |
|a COMPUTERS
|x Security
|x Viruses.
|2 bisacsh
|
650 |
|
7 |
|a COMPUTERS
|x Security
|x General.
|2 bisacsh
|
650 |
|
7 |
|a COMPUTERS
|x Networking
|x Security.
|2 bisacsh
|
650 |
|
7 |
|a Debugging in computer science
|2 fast
|
650 |
|
7 |
|a Penetration testing (Computer security)
|2 fast
|
776 |
0 |
8 |
|i Print version:
|a Yaworski, Peter.
|t Real-world bug hunting.
|d San Francisco : No Starch Press, 2019
|z 9781593278618
|w (DLC) 2018060556
|w (OCoLC)1080554920
|
856 |
4 |
0 |
|u https://learning.oreilly.com/library/view/~/9781098122508/?ar
|z Full text (requires prior registration with institutional email)
|
938 |
|
|
|a ProQuest Ebook Central
|b EBLB
|n EBL6057671
|
938 |
|
|
|a EBSCOhost
|b EBSC
|n 1536463
|
938 |
|
|
|a Recorded Books, LLC
|b RECE
|n rbeEB00706875
|
938 |
|
|
|a YBP Library Services
|b YANK
|n 300625591
|
994 |
|
|
|a 92
|b IZTAP
|