
Attacking and Exploiting Modern Web Applications: Discover the Mindset, Techniques, and Tools to Perform Modern Web Attacks and Exploitation

Bibliographic Details
Classification: Electronic Book
Main Authors: Onofri, Simone (Author), Onofri, Donato (Author)
Other Authors: Meucci, Matteo (writer of foreword)
Format: Electronic eBook
Language: English
Published: Birmingham : Packt Publishing, Limited, 2023.
Edition: 1st edition.
Subjects:
Online Access: Full text (requires prior registration with institutional email)

MARC

LEADER 00000cam a22000007a 4500
001 OR_on1392342688
003 OCoLC
005 20231017213018.0
006 m o d
007 cr cnu||||||||
008 230805s2023 enk o 000 0 eng d
040 |a EBLCP  |b eng  |c EBLCP  |d YDX  |d OCLCQ  |d ORMDA  |d OCLCO 
019 |a 1392046529 
020 |a 9781801811965 
020 |a 1801811962 
020 |z 1801816298 
020 |z 9781801816298 
035 |a (OCoLC)1392342688  |z (OCoLC)1392046529 
037 |a 9781801816298  |b O'Reilly Media 
050 4 |a QA76.9.A25 
082 0 4 |a 005.8  |2 23/eng/20230906 
049 |a UAMI 
100 1 |a Onofri, Simone,  |e author. 
245 1 0 |a Attacking and Exploiting Modern Web Applications  |h [electronic resource] :  |b Discover the Mindset, Techniques, and Tools to Perform Modern Web Attacks and Exploitation /  |c Simone Onofri, Donata Onofri ; foreword by Matteo Meucci. 
250 |a 1st edition. 
260 |a Birmingham :  |b Packt Publishing, Limited,  |c 2023. 
300 |a 1 online resource (338 p.) 
500 |a Description based upon print version of record. 
505 0 |a Cover -- Title Page -- Copyright and Credits -- Dedication -- Foreword -- Contributors -- Table of Contents -- Part 1: Attack Preparation -- Chapter 1: Mindset and Methodologies -- Approach and mindset -- The approach -- The process -- The testing techniques -- The baseline competencies -- The mindset -- Methodologies and frameworks -- NIST SP 800-115 -- Penetration Testing Execution Standard (PTES) -- OWASP's WSTG -- ISECOM's OSSTMM -- The recipe -- Summary -- Further reading -- Chapter 2: Toolset for Web Attacks and Exploitation -- Technical requirements 
505 8 |a Operating systems and the tools of the trade -- Operating system -- Linux -- Windows -- macOS -- Browser -- Interception proxy -- Python for automating web tasks -- Virtualization and containerization systems -- VirtualBox -- Docker -- Summary -- Further reading -- Part 2: Evergreen Attacks -- Chapter 3: Attacking the Authentication Layer -- a SAML Use Case -- Technical requirements -- Scenario files -- The Doors of Durin SAML login scenario -- How does SAML work and what are its vulnerabilities? -- What is SAML? -- Vulnerabilities on SAML -- Other authentication methods used with HTTP 
505 8 |a How to discover and exploit vulnerabilities in SAML -- Installing SAML Raider -- Verifying the typical flow -- the happy case -- Verifying whether it is possible to send information without signature -- Verifying whether it is possible to use a self-signed certificate -- Verifying whether it is possible to use XML Signature Wrapping (XSW) -- Other attacks and vulnerabilities on SAML -- Summary -- Further reading -- Chapter 4: Attacking Internet-Facing Web Applications -- SQL Injection and Cross-Site Scripting (XSS) on WordPress -- Technical requirements -- Scenario files 
505 8 |a WordPress scenario introduction -- How does SQL injection work? -- SQL injection types -- SQL injection techniques -- SQL injection impact -- Other injection vulnerabilities -- How to discover and exploit SQL injection vulnerabilities -- Information gathering and threat modeling -- Starting with Static Analysis -- Finding interesting files -- Analyzing interesting files -- Moving to dynamic analysis -- Finding the dynamic request -- Analyzing the context -- Verifying the SQL injection -- Exploiting the SQL injection -- Writing the exploit with Python 
505 8 |a Other attacks and vulnerabilities on internet-facing web applications -- The bonus XSS -- Summary -- Further reading -- Chapter 5: Attacking IoT Devices -- Command Injection and Path Traversal -- Technical requirements -- Physical device -- Scenario files -- IoT router exploitation scenario introduction -- How to analyze IoT devices -- IoT device analysis -- Analyzing industrial control system devices -- How to find and exploit vulnerabilities in IoT devices -- Basic physical analysis -- Firmware analysis -- Web Application Analysis -- Summary -- Further reading -- Part 3: Novel Attacks 
505 8 |a Chapter 6: Attacking Electron JavaScript Applications -- from Cross-Site Scripting (XSS) to Remote Command Execution (RCE) 
590 |a O'Reilly  |b O'Reilly Online Learning: Academic/Public Library Edition 
650 0 |a Web applications  |x Security measures. 
650 0 |a Computer security. 
650 0 |a Cyberterrorism. 
650 6 |a Applications Web  |x Sécurité  |x Mesures. 
650 6 |a Sécurité informatique. 
650 6 |a Cyberterrorisme. 
700 1 |a Onofri, Donato,  |e author. 
700 1 |a Meucci, Matteo,  |e writer of foreword. 
776 0 8 |i Print version:  |a Onofri, Simone  |t Attacking and Exploiting Modern Web Applications  |d Birmingham : Packt Publishing, Limited,c2023 
856 4 0 |u https://learning.oreilly.com/library/view/~/9781801816298/?ar  |z Texto completo (Requiere registro previo con correo institucional) 
938 |a ProQuest Ebook Central  |b EBLB  |n EBL30669999 
938 |a YBP Library Services  |b YANK  |n 305620808 
994 |a 92  |b IZTAP