상세정보
Export to Refworks부가기능
Hands-on bug hunting for penetration testers [electronic resource] a practical guide to help ethical hackers discover web application security flaws
상세 프로파일
| 자료유형 | 단행본 |
|---|---|
| 서명/저자사항 | Hands-on bug hunting for penetration testers [electronic resource] : a practical guide to help ethical hackers discover web application security flaws/ by Joseph Marshall. |
| 개인저자 | Marshall, Joseph. |
| 발행사항 | Birmingham: Packt Publishing Ltd, 2018. |
| 형태사항 | 1 online resource (240 p.). |
| 기타형태 저록 | Print version: Marshall, Joseph Hands-On Bug Hunting for Penetration Testers : A Practical Guide to Help Ethical Hackers Discover Web Application Security Flaws Birmingham : Packt Publishing Ltd,c2018 9781789344202 |
| ISBN | 9781789349894 1789349893 |
| 일반주기 |
Description based upon print version of record.
Attack Scenario |
| 내용주기 | Cover; Title Page; Copyright and Credits; Dedication; Packt Upsell; Contributors; Table of Contents; Preface; Chapter 1: Joining the Hunt; Technical Requirements; The Benefits of Bug Bounty Programs; What You Should Already Know - Pentesting Background; Setting Up Your Environment -- Tools To Know; What You Will Learn -- Next Steps; How (Not) To Use This Book - A Warning; Summary; Questions; Further Reading; Chapter 2: Choosing Your Hunting Ground; Technical Requirements; An Overview of Bug Bounty Communities - Where to Start Your Search; Third-Party Marketplaces; Bugcrowd; HackerOne Vulnerability LabBountyFactory; Synack; Company-Sponsored Initiatives; Google; Facebook; Amazon; GitHub; Microsoft; Finding Other Programs; Money Versus Swag Rewards; The Internet Bug Bounty Program; ZeroDisclo and Coordinated Vulnerability Disclosures; The Vulnerability of Web Applications - What You Should Target; Evaluating Rules of Engagement -- How to Protect Yourself; Summary; Questions; Further Reading; Chapter 3: Preparing for an Engagement; Technical Requirements; Tools; Using Burp; Attack Surface Reconnaisance -- Strategies and the Value of Standardization; Sitemaps Scanning and Target ReconaissanceBrute-forcing Web Content; Spidering and Other Data-Collection Techniques; Burp Spider; Striker; Scrapy and Custom Pipelines; Manual Walkthroughs; Source Code; Building a Process; Formatting the JS Report; Downloading the JavaScript; Putting It All Together; The Value Behind the Structure; Summary; Questions; Further Reading; Chapter 4: Unsanitized Data -- An XSS Case Study; Technical Requirements; A Quick Overview of XSS - The Many Varieties of XSS; Testing for XSS -- Where to Find It, How to Verify It; Burp Suite and XSS Validator; Payload Sets Payload OptionsPayload Processing; XSS -- An End-To-End Example; XSS in Google Gruyere; Gathering Report Information; Category; Timestamps; URL; Payload; Methodology; Instructions to Reproduce; Attack Scenario; Summary; Questions; Further Reading; Chapter 5: SQL, Code Injection, and Scanners; Technical Requirements; SQLi and Other Code Injection Attacks -- Accepting Unvalidated Data; A Simple SQLi Example; Testing for SQLi With Sqlmap -- Where to Find It and How to Verify It; Google Dorks for SQLi; Validating a Dork; Scanning for SQLi With Arachni; Going Beyond Defaults; Writing a Wrapper Script NoSQL Injection -- Injecting Malformed MongoDB QueriesSQLi -- An End-to-End Example; Gathering Report Information; Category; Timestamps; URL; Payload; Methodology; Instructions to Reproduce; Attack Scenario; Final Report; Summary; Questions; Further Reading; Chapter 6: CSRF and Insecure Session Authentication; Technical Requirements; Building and Using CSRF PoCs; Creating a CSRF PoC Code Snippet; Validating Your CSRF PoC; Creating Your CSRF PoC Programmatically; CSRF -- An End-to-End Example; Gathering Report Information; Category; Timestamps; URL; Payload; Methodology; Instructions to Reproduce |
| 요약 | Bug bounties have quickly become a critical part of the security economy. This book shows you how technical professionals with an interest in security can begin productively--and profitably--participating in bug bounty programs. |
| 일반주제명 | Computer networks --Security measures. World Wide Web --Security measures. Application software. COMPUTERS / General. |
| 언어 | 영어 |
| 바로가기 |  |
