万本电子书0元读

万本电子书0元读

顶部广告

Becoming the Hacker电子书

售       价:¥

96人正在读 | 0人评论 6.2

作       者:Adrian Pruteanu

出  版  社:Packt Publishing

出版时间:2019-01-31

字       数:179.4万

所属分类: 进口书 > 外文原版书 > 电脑/网络

温馨提示:此类商品不支持退换货,不支持下载打印

为你推荐

  • 读书简介
  • 目录
  • 累计评论(0条)
  • 读书简介
  • 目录
  • 累计评论(0条)
Web penetration testing by becoming an ethical hacker. Protect the web by learning the tools, and the tricks of the web application attacker. Key Features * Builds on books and courses on penetration testing for beginners * Covers both attack and defense perspectives * Examines which tool to deploy to suit different applications and situations Book Description Becoming the Hacker will teach you how to approach web penetration testing with an attacker's mindset. While testing web applications for performance is common, the ever-changing threat landscape makes security testing much more difficult for the defender. There are many web application tools that claim to provide a complete survey and defense against potential threats, but they must be analyzed in line with the security needs of each web application or service. We must understand how an attacker approaches a web application and the implications of breaching its defenses. Through the first part of the book, Adrian Pruteanu walks you through commonly encountered vulnerabilities and how to take advantage of them to achieve your goal. The latter part of the book shifts gears and puts the newly learned techniques into practice, going over scenarios where the target may be a popular content management system or a containerized application and its network. Becoming the Hacker is a clear guide to web application security from an attacker's point of view, from which both sides can benefit. What you will learn * Study the mindset of an attacker * Adopt defensive strategies * Classify and plan for standard web application security threats * Prepare to combat standard system security problems * Defend WordPress and mobile applications * Use security tools and plan for defense against remote execution Who this book is for The reader should have basic security experience, for example, through running a network or encountering security issues during application development. Formal education in security is useful, but not required. This title is suitable for people with at least two years of experience in development, network management, or DevOps, or with an established interest in security.
目录展开

Becoming the Hacker

Becoming the Hacker

Why subscribe?

Packt.com

Contributors

About the author

About the reviewer

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the example code files

Download the color images

Conventions used

Get in touch

Reviews

1. Introduction to Attacking Web Applications

Rules of engagement

Communication

Privacy considerations

Cleaning up

The tester's toolkit

Kali Linux

Kali Linux alternatives

The attack proxy

Burp Suite

Zed Attack Proxy

Cloud infrastructure

Resources

Exercises

Summary

2. Efficient Discovery

Types of assessments

Target mapping

Masscan

WhatWeb

Nikto

CMS scanners

Efficient brute-forcing

Content discovery

Burp Suite

OWASP ZAP

Gobuster

Persistent content discovery

Payload processing

Polyglot payloads

Same payload, different context

Code obfuscation

Resources

Exercises

Summary

3. Low-Hanging Fruit

Network assessment

Looking for a way in

Credential guessing

A better way to shell

Cleaning up

Resources

Summary

4. Advanced Brute-forcing

Password spraying

LinkedIn scraping

Metadata

The cluster bomb

Behind seven proxies

Torify

Proxy cannon

Summary

5. File Inclusion Attacks

RFI

LFI

File inclusion to remote code execution

More file upload issues

Summary

6. Out-of-Band Exploitation

A common scenario

Command and control

Let’s Encrypt Communication

INet simulation

The confirmation

Async data exfiltration

Data inference

Summary

7. Automated Testing

Extending Burp

Authentication and authorization abuse

The Autorize flow

The Swiss Army knife

sqlmap helper

Web shells

Obfuscating code

Burp Collaborator

Public Collaborator server

Service interaction

Burp Collaborator client

Private Collaborator server

Summary

8. Bad Serialization

Abusing deserialization

Attacking custom protocols

Protocol analysis

Deserialization exploit

Summary

9. Practical Client-Side Attacks

SOP

Cross-origin resource sharing

XSS

Reflected XSS

Persistent XSS

DOM-based XSS

CSRF

BeEF

Hooking

Social engineering attacks

The keylogger

Persistence

Automatic exploitation

Tunneling traffic

Summary

10. Practical Server-Side Attacks

Internal and external references

XXE attacks

A billion laughs

Request forgery

The port scanner

Information leak

Blind XXE

Remote code execution

Interactive shells

Summary

11. Attacking APIs

API communication protocols

SOAP

REST

API authentication

Basic authentication

API keys

Bearer authentication

JWTs

JWT quirks

Burp JWT support

Postman

Installation

Upstream proxy

The environment

Collections

Collection Runner

Attack considerations

Summary

12. Attacking CMS

Application assessment

WPScan

sqlmap

Droopescan

Arachni web scanner

Backdooring the code

Persistence

Credential exfiltration

Summary

13. Breaking Containers

Vulnerable Docker scenario

Foothold

Situational awareness

Container breakout

Summary

Other Books You May Enjoy

Leave a review - let other readers know what you think

Index

累计评论(0条) 0个书友正在讨论这本书 发表评论

发表评论

发表评论,分享你的想法吧!

买过这本书的人还买过

读了这本书的人还在读

回顶部