ZED ATTACK PROXY COOKBOOK: hacking tactics, techniques, and procedures for testing web applications and APIs
Dive into security testing and web app scanning with ZAP, a powerful OWASP security tool. Purchase of the print or Kindle book includes a free PDF eBook. Key Features: Master ZAP to protect your systems from different cyber attacks. Learn cybersecurity best practices using this step-by-step guide packed...
Classification: | Electronic Book |
---|---|
Main authors: | , , |
Format: | Electronic eBook |
Language: | English |
Published: | [S.l.] : PACKT PUBLISHING LIMITED, 2023. |
Edition: | 1st edition. |
Subjects: | |
Online access: | Full text (Requires prior registration with institutional email) |
Table of Contents:
- Cover
- Title Page
- Copyright and Credits
- Dedication
- Contributors
- Table of Contents
- Preface
- Chapter 1: Getting Started with OWASP Zed Attack Proxy
- Downloading ZAP
- Getting ready
- How to do it...
- Installing Docker
- See also
- Setting up the testing environment
- Getting ready
- How to do it...
- How it works...
- There's more...
- Setting up a browser proxy and certificate
- Getting ready
- How to do it...
- How it works...
- Testing the ZAP setup
- Getting ready
- How to do it...
- How it works...
- Chapter 2: Navigating the UI
- Technical requirements
- Persisting a session
- Getting ready
- How to do it...
- How it works...
- Menu bar
- Getting ready
- How to do it...
- How it works...
- There's more...
- Toolbar
- Getting ready
- How to do it...
- How it works...
- See also
- The tree window
- Getting ready
- How to do it...
- How it works...
- Workspace window
- Getting ready
- How to do it...
- How it works...
- Information window
- Getting ready
- How to do it...
- How it works...
- There's more...
- Footer
- Getting ready
- How to do it...
- How it works...
- Encode/Decode/Hash dialog
- Getting ready
- How to do it...
- How it works...
- See also
- Fuzzing with Fuzzer
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Chapter 3: Configuring, Crawling, Scanning, and Reporting
- Technical requirements
- Setting scope in ZAP
- Getting ready
- How to do it...
- How it works...
- Crawling with the Spider
- Getting ready
- How to do it...
- How it works...
- Crawling with the AJAX Spider
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Scanning a web app passively
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Scanning a web app actively
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Generating a report
- Getting ready
- How to do it...
- How it works...
- See also
- Chapter 4: Authentication and Authorization Testing
- Technical requirements
- Testing for Bypassing Authentication
- Getting ready
- How to do it...
- How it works...
- Testing for Credentials Transported over an Encrypted Channel
- Getting ready
- How to do it...
- How it works...
- Testing for Default Credentials
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Testing Directory Traversal File Include
- Getting ready
- How to do it...
- How it works...
- See also
- Testing for Privilege Escalation and Bypassing Authorization Schema
- Getting ready
- How to do it...
- How it works...
- Testing for Insecure Direct Object References
- Getting ready
- How to do it...
- How it works...
- There's more...
- Chapter 5: Testing of Session Management
- Technical requirements
- Mutillidae setup
- Testing for cookie attributes
- Getting ready
- How to do it...
- How it works...
- Testing for cross-site request forgery (CSRF)
- Getting ready