
Real-World Bug Hunting: A Field Guide to Web Hacking

"Uses real-world bug reports (vulnerabilities in software, or in this case web applications) to teach programmers and InfoSec professionals how to discover and protect against vulnerabilities in web applications. Real-World Bug Hunting is a field guide to finding software bugs. Ethical hacker Peter Yawo...


Bibliographic Details
Classification: Electronic book
Main author: Yaworski, Peter (Author)
Format: Electronic eBook
Language: English
Published: San Francisco: No Starch Press, 2019.
Online access: Full text (requires prior registration with an institutional email address)
Table of Contents:
  • Intro; Brief Contents; Contents in Detail; Foreword; Acknowledgments; Introduction; Who Should Read This Book; How to Read This Book; What's in This Book; A Disclaimer About Hacking; Chapter 1: Bug Bounty Basics; Vulnerabilities and Bug Bounties; Client and Server; What Happens When You Visit a Website; Step 1: Extracting the Domain Name; Step 2: Resolving an IP Address; Step 3: Establishing a TCP Connection; Step 4: Sending an HTTP Request; Step 5: Server Response; Step 6: Rendering the Response; HTTP Requests; Request Methods; HTTP Is Stateless; Summary; Chapter 2: Open Redirect
  • How Open Redirects Work; Shopify Theme Install Open Redirect; Takeaways; Shopify Login Open Redirect; Takeaways; HackerOne Interstitial Redirect; Takeaways; Summary; Chapter 3: HTTP Parameter Pollution; Server-Side HPP; Client-Side HPP; HackerOne Social Sharing Buttons; Takeaways; Twitter Unsubscribe Notifications; Takeaways; Twitter Web Intents; Takeaways; Summary; Chapter 4: Cross-Site Request Forgery; Authentication; CSRF with GET Requests; CSRF with POST Requests; Defenses Against CSRF Attacks; Shopify Twitter Disconnect; Takeaways; Change Users Instacart Zones; Takeaways
  • Badoo Full Account Takeover; Takeaways; Summary; Chapter 5: HTML Injection and Content Spoofing; Coinbase Comment Injection Through Character Encoding; Takeaways; HackerOne Unintended HTML Inclusion; Takeaways; HackerOne Unintended HTML Include Fix Bypass; Takeaways; Within Security Content Spoofing; Takeaways; Summary; Chapter 6: Carriage Return Line Feed Injection; HTTP Request Smuggling; v.shopify.com Response Splitting; Takeaways; Twitter HTTP Response Splitting; Takeaways; Summary; Chapter 7: Cross-Site Scripting; Types of XSS; Shopify Wholesale; Takeaways; Shopify Currency Formatting
  • Takeaways; Yahoo! Mail Stored XSS; Takeaways; Google Image Search; Takeaways; Google Tag Manager Stored XSS; Takeaways; United Airlines XSS; Takeaways; Summary; Chapter 8: Template Injections; Server-Side Template Injections; Client-Side Template Injections; Uber AngularJS Template Injection; Takeaways; Uber Flask Jinja2 Template Injection; Takeaways; Rails Dynamic Render; Takeaways; Unikrn Smarty Template Injection; Takeaways; Summary; Chapter 9: SQL Injection; SQL Databases; Countermeasures Against SQLi; Yahoo! Sports Blind SQLi; Takeaways; Uber Blind SQLi; Takeaways; Drupal SQLi; Takeaways