MARC보기
LDR00000cam u2200205Ii 4500
001000000430451
00520200122130655
007cr cnu---unuuu
008180922s2018 enk o 000 0 eng d
020 ▼a 9781789349894 ▼q (electronic bk.)
020 ▼a 1789349893 ▼q (electronic bk.)
035 ▼a 1892711 ▼b (N$T)
035 ▼a (OCoLC)1054065850
040 ▼a EBLCP ▼b eng ▼c EBLCP ▼d N$T ▼d 247004
050 4 ▼a TK5105.59
072 7 ▼a COM ▼x 000000 ▼2 bisacsh
08204 ▼a 006.78 ▼2 23
1001 ▼a Marshall, Joseph.
24510 ▼a Hands-on bug hunting for penetration testers ▼h [electronic resource] : ▼b a practical guide to help ethical hackers discover web application security flaws/ ▼c by Joseph Marshall.
24630 ▼a Practical guide to help ethical hackers discover web application security flaws
260 ▼a Birmingham: ▼b Packt Publishing Ltd, ▼c 2018.
300 ▼a 1 online resource (240 p.).
500 ▼a Description based upon print version of record.
500 ▼a Attack Scenario
5050 ▼a Cover; Title Page; Copyright and Credits; Dedication; Packt Upsell; Contributors; Table of Contents; Preface; Chapter 1: Joining the Hunt; Technical Requirements; The Benefits of Bug Bounty Programs; What You Should Already Know - Pentesting Background; Setting Up Your Environment -- Tools To Know; What You Will Learn -- Next Steps; How (Not) To Use This Book - A Warning; Summary; Questions; Further Reading; Chapter 2: Choosing Your Hunting Ground; Technical Requirements; An Overview of Bug Bounty Communities - Where to Start Your Search; Third-Party Marketplaces; Bugcrowd; HackerOne
5058 ▼a Vulnerability LabBountyFactory; Synack; Company-Sponsored Initiatives; Google; Facebook; Amazon; GitHub; Microsoft; Finding Other Programs; Money Versus Swag Rewards; The Internet Bug Bounty Program; ZeroDisclo and Coordinated Vulnerability Disclosures; The Vulnerability of Web Applications - What You Should Target; Evaluating Rules of Engagement -- How to Protect Yourself; Summary; Questions; Further Reading; Chapter 3: Preparing for an Engagement; Technical Requirements; Tools; Using Burp; Attack Surface Reconnaisance -- Strategies and the Value of Standardization; Sitemaps
5058 ▼a Scanning and Target ReconaissanceBrute-forcing Web Content; Spidering and Other Data-Collection Techniques; Burp Spider; Striker; Scrapy and Custom Pipelines; Manual Walkthroughs; Source Code; Building a Process; Formatting the JS Report; Downloading the JavaScript; Putting It All Together; The Value Behind the Structure; Summary; Questions; Further Reading; Chapter 4: Unsanitized Data -- An XSS Case Study; Technical Requirements; A Quick Overview of XSS - The Many Varieties of XSS; Testing for XSS -- Where to Find It, How to Verify It; Burp Suite and XSS Validator; Payload Sets
5058 ▼a Payload OptionsPayload Processing; XSS -- An End-To-End Example; XSS in Google Gruyere; Gathering Report Information; Category; Timestamps; URL; Payload; Methodology; Instructions to Reproduce; Attack Scenario; Summary; Questions; Further Reading; Chapter 5: SQL, Code Injection, and Scanners; Technical Requirements; SQLi and Other Code Injection Attacks -- Accepting Unvalidated Data; A Simple SQLi Example; Testing for SQLi With Sqlmap -- Where to Find It and How to Verify It; Google Dorks for SQLi; Validating a Dork; Scanning for SQLi With Arachni; Going Beyond Defaults; Writing a Wrapper Script
5058 ▼a NoSQL Injection -- Injecting Malformed MongoDB QueriesSQLi -- An End-to-End Example; Gathering Report Information; Category; Timestamps; URL; Payload; Methodology; Instructions to Reproduce; Attack Scenario; Final Report; Summary; Questions; Further Reading; Chapter 6: CSRF and Insecure Session Authentication; Technical Requirements; Building and Using CSRF PoCs; Creating a CSRF PoC Code Snippet; Validating Your CSRF PoC; Creating Your CSRF PoC Programmatically; CSRF -- An End-to-End Example; Gathering Report Information; Category; Timestamps; URL; Payload; Methodology; Instructions to Reproduce
520 ▼a Bug bounties have quickly become a critical part of the security economy. This book shows you how technical professionals with an interest in security can begin productively--and profitably--participating in bug bounty programs.
5880 ▼a Online resource; title from PDF title page (EBSCO, viewed October 16, 2018).
590 ▼a Master record variable field(s) change: 050, 072, 082, 650
650 0 ▼a Computer networks ▼x Security measures.
650 0 ▼a World Wide Web ▼x Security measures.
650 0 ▼a Application software.
650 7 ▼a COMPUTERS / General. ▼2 bisacsh
655 4 ▼a Electronic books.
77608 ▼i Print version: ▼a Marshall, Joseph ▼t Hands-On Bug Hunting for Penetration Testers : A Practical Guide to Help Ethical Hackers Discover Web Application Security Flaws ▼d Birmingham : Packt Publishing Ltd,c2018 ▼z 9781789344202
85640 ▼3 EBSCOhost ▼u http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=1892711
938 ▼a EBL - Ebook Library ▼b EBLB ▼n EBL5516318
938 ▼a EBSCOhost ▼b EBSC ▼n 1892711
990 ▼a ***1008102
991 ▼a E-BOOK
994 ▼a 92 ▼b N$T