
Attacking and Exploiting Modern Web Applications: Discover the Mindset, Techniques, and Tools to Perform Modern Web Attacks and Exploitation

Bibliographic Details
Classification: Electronic book
Main authors: Onofri, Simone (author), Onofri, Donato (author)
Other authors: Meucci, Matteo (writer of foreword)
Format: Electronic eBook
Language: English
Published: Birmingham : Packt Publishing, Limited, 2023.
Edition: 1st edition.
Subjects:
Online access: Full text (requires prior registration with an institutional e-mail address)
Table of Contents:
  • Cover
  • Title Page
  • Copyright and Credits
  • Dedication
  • Foreword
  • Contributors
  • Table of Contents
  • Part 1: Attack Preparation
  • Chapter 1: Mindset and Methodologies
  • Approach and mindset
  • The approach
  • The process
  • The testing techniques
  • The baseline competencies
  • The mindset
  • Methodologies and frameworks
  • NIST SP 800-115
  • Penetration Testing Execution Standard (PTES)
  • OWASP's WSTG
  • ISECOM's OSSTMM
  • The recipe
  • Summary
  • Further reading
  • Chapter 2: Toolset for Web Attacks and Exploitation
  • Technical requirements
  • Operating systems and the tools of the trade
  • Operating system
  • Linux
  • Windows
  • macOS
  • Browser
  • Interception proxy
  • Python for automating web tasks
  • Virtualization and containerization systems
  • VirtualBox
  • Docker
  • Summary
  • Further reading
  • Part 2: Evergreen Attacks
  • Chapter 3: Attacking the Authentication Layer - a SAML Use Case
  • Technical requirements
  • Scenario files
  • The Doors of Durin SAML login scenario
  • How does SAML work and what are its vulnerabilities?
  • What is SAML?
  • Vulnerabilities on SAML
  • Other authentication methods used with HTTP
  • How to discover and exploit vulnerabilities in SAML
  • Installing SAML Raider
  • Verifying the typical flow - the happy case
  • Verifying whether it is possible to send information without signature
  • Verifying whether it is possible to use a self-signed certificate
  • Verifying whether it is possible to use XML Signature Wrapping (XSW)
  • Other attacks and vulnerabilities on SAML
  • Summary
  • Further reading
  • Chapter 4: Attacking Internet-Facing Web Applications - SQL Injection and Cross-Site Scripting (XSS) on WordPress
  • Technical requirements
  • Scenario files
  • WordPress scenario introduction
  • How does SQL injection work?
  • SQL injection types
  • SQL injection techniques
  • SQL injection impact
  • Other injection vulnerabilities
  • How to discover and exploit SQL injection vulnerabilities
  • Information gathering and threat modeling
  • Starting with Static Analysis
  • Finding interesting files
  • Analyzing interesting files
  • Moving to dynamic analysis
  • Finding the dynamic request
  • Analyzing the context
  • Verifying the SQL injection
  • Exploiting the SQL injection
  • Writing the exploit with Python
  • Other attacks and vulnerabilities on internet-facing web applications
  • The bonus XSS
  • Summary
  • Further reading
  • Chapter 5: Attacking IoT Devices - Command Injection and Path Traversal
  • Technical requirements
  • Physical device
  • Scenario files
  • IoT router exploitation scenario introduction
  • How to analyze IoT devices
  • IoT device analysis
  • Analyzing industrial control system devices
  • How to find and exploit vulnerabilities in IoT devices
  • Basic physical analysis
  • Firmware analysis
  • Web Application Analysis
  • Summary
  • Further reading
  • Part 3: Novel Attacks
  • Chapter 6: Attacking Electron JavaScript Applications - from Cross-Site Scripting (XSS) to Remote Command Execution (RCE)