Daegu Haany University Hyangsan Library


Hands-on bug hunting for penetration testers [electronic resource] a practical guide to help ethical hackers discover web application security flaws


Detailed information

Material type: Monograph
Title / statement of responsibility: Hands-on bug hunting for penetration testers [electronic resource] : a practical guide to help ethical hackers discover web application security flaws / by Joseph Marshall.
Personal author: Marshall, Joseph.
Publication: Birmingham : Packt Publishing Ltd, 2018.
Physical description: 1 online resource (240 p.).
Additional physical form: Print version: Marshall, Joseph. Hands-On Bug Hunting for Penetration Testers : A Practical Guide to Help Ethical Hackers Discover Web Application Security Flaws. Birmingham : Packt Publishing Ltd, c2018. ISBN 9781789344202.
ISBN: 9781789349894 ; 1789349893
General note: Description based upon print version of record.
Contents note: Cover; Title Page; Copyright and Credits; Dedication; Packt Upsell; Contributors; Table of Contents; Preface; Chapter 1: Joining the Hunt; Technical Requirements; The Benefits of Bug Bounty Programs; What You Should Already Know - Pentesting Background; Setting Up Your Environment -- Tools To Know; What You Will Learn -- Next Steps; How (Not) To Use This Book - A Warning; Summary; Questions; Further Reading; Chapter 2: Choosing Your Hunting Ground; Technical Requirements; An Overview of Bug Bounty Communities - Where to Start Your Search; Third-Party Marketplaces; Bugcrowd; HackerOne; Vulnerability Lab; BountyFactory; Synack; Company-Sponsored Initiatives; Google; Facebook; Amazon; GitHub; Microsoft; Finding Other Programs; Money Versus Swag Rewards; The Internet Bug Bounty Program; ZeroDisclo and Coordinated Vulnerability Disclosures; The Vulnerability of Web Applications - What You Should Target; Evaluating Rules of Engagement -- How to Protect Yourself; Summary; Questions; Further Reading; Chapter 3: Preparing for an Engagement; Technical Requirements; Tools; Using Burp; Attack Surface Reconnaissance -- Strategies and the Value of Standardization; Sitemaps; Scanning and Target Reconnaissance; Brute-forcing Web Content; Spidering and Other Data-Collection Techniques; Burp Spider; Striker; Scrapy and Custom Pipelines; Manual Walkthroughs; Source Code; Building a Process; Formatting the JS Report; Downloading the JavaScript; Putting It All Together; The Value Behind the Structure; Summary; Questions; Further Reading; Chapter 4: Unsanitized Data -- An XSS Case Study; Technical Requirements; A Quick Overview of XSS - The Many Varieties of XSS; Testing for XSS -- Where to Find It, How to Verify It; Burp Suite and XSS Validator; Payload Sets; Payload Options; Payload Processing; XSS -- An End-To-End Example; XSS in Google Gruyere; Gathering Report Information; Category; Timestamps; URL; Payload; Methodology; Instructions to Reproduce; Attack Scenario; Summary; Questions; Further Reading; Chapter 5: SQL, Code Injection, and Scanners; Technical Requirements; SQLi and Other Code Injection Attacks -- Accepting Unvalidated Data; A Simple SQLi Example; Testing for SQLi With Sqlmap -- Where to Find It and How to Verify It; Google Dorks for SQLi; Validating a Dork; Scanning for SQLi With Arachni; Going Beyond Defaults; Writing a Wrapper Script; NoSQL Injection -- Injecting Malformed MongoDB Queries; SQLi -- An End-to-End Example; Gathering Report Information; Category; Timestamps; URL; Payload; Methodology; Instructions to Reproduce; Attack Scenario; Final Report; Summary; Questions; Further Reading; Chapter 6: CSRF and Insecure Session Authentication; Technical Requirements; Building and Using CSRF PoCs; Creating a CSRF PoC Code Snippet; Validating Your CSRF PoC; Creating Your CSRF PoC Programmatically; CSRF -- An End-to-End Example; Gathering Report Information; Category; Timestamps; URL; Payload; Methodology; Instructions to Reproduce
Summary: Bug bounties have quickly become a critical part of the security economy. This book shows you how technical professionals with an interest in security can begin productively -- and profitably -- participating in bug bounty programs.
Subject headings: Computer networks -- Security measures. ; World Wide Web -- Security measures. ; Application software. ; COMPUTERS / General.
Language: English
