LDR | | 00000cam u2200205Ii 4500 |
001 | | 000000430451 |
005 | | 20200122130655 |
007 | | cr cnu---unuuu |
008 | | 180922s2018 enk o 000 0 eng d |
020 | |
▼a 9781789349894
▼q (electronic bk.) |
020 | |
▼a 1789349893
▼q (electronic bk.) |
035 | |
▼a 1892711
▼b (N$T) |
035 | |
▼a (OCoLC)1054065850 |
040 | |
▼a EBLCP
▼b eng
▼c EBLCP
▼d N$T
▼d 247004 |
050 | 4 |
▼a TK5105.59 |
072 | 7 |
▼a COM
▼x 000000
▼2 bisacsh |
082 | 04 |
▼a 006.78
▼2 23 |
100 | 1 |
▼a Marshall, Joseph. |
245 | 10 |
▼a Hands-on bug hunting for penetration testers
▼h [electronic resource] :
▼b a practical guide to help ethical hackers discover web application security flaws/
▼c by Joseph Marshall. |
246 | 30 |
▼a Practical guide to help ethical hackers discover web application security flaws |
260 | |
▼a Birmingham:
▼b Packt Publishing Ltd,
▼c 2018. |
300 | |
▼a 1 online resource (240 p.). |
500 | |
▼a Description based upon print version of record. |
500 | |
▼a Attack Scenario |
505 | 0 |
▼a Cover; Title Page; Copyright and Credits; Dedication; Packt Upsell; Contributors; Table of Contents; Preface; Chapter 1: Joining the Hunt; Technical Requirements; The Benefits of Bug Bounty Programs; What You Should Already Know - Pentesting Background; Setting Up Your Environment -- Tools To Know; What You Will Learn -- Next Steps; How (Not) To Use This Book - A Warning; Summary; Questions; Further Reading; Chapter 2: Choosing Your Hunting Ground; Technical Requirements; An Overview of Bug Bounty Communities - Where to Start Your Search; Third-Party Marketplaces; Bugcrowd; HackerOne |
505 | 8 |
▼a Vulnerability Lab; BountyFactory; Synack; Company-Sponsored Initiatives; Google; Facebook; Amazon; GitHub; Microsoft; Finding Other Programs; Money Versus Swag Rewards; The Internet Bug Bounty Program; ZeroDisclo and Coordinated Vulnerability Disclosures; The Vulnerability of Web Applications - What You Should Target; Evaluating Rules of Engagement -- How to Protect Yourself; Summary; Questions; Further Reading; Chapter 3: Preparing for an Engagement; Technical Requirements; Tools; Using Burp; Attack Surface Reconnaissance -- Strategies and the Value of Standardization; Sitemaps |
505 | 8 |
▼a Scanning and Target Reconnaissance; Brute-forcing Web Content; Spidering and Other Data-Collection Techniques; Burp Spider; Striker; Scrapy and Custom Pipelines; Manual Walkthroughs; Source Code; Building a Process; Formatting the JS Report; Downloading the JavaScript; Putting It All Together; The Value Behind the Structure; Summary; Questions; Further Reading; Chapter 4: Unsanitized Data -- An XSS Case Study; Technical Requirements; A Quick Overview of XSS - The Many Varieties of XSS; Testing for XSS -- Where to Find It, How to Verify It; Burp Suite and XSS Validator; Payload Sets |
505 | 8 |
▼a Payload Options; Payload Processing; XSS -- An End-To-End Example; XSS in Google Gruyere; Gathering Report Information; Category; Timestamps; URL; Payload; Methodology; Instructions to Reproduce; Attack Scenario; Summary; Questions; Further Reading; Chapter 5: SQL, Code Injection, and Scanners; Technical Requirements; SQLi and Other Code Injection Attacks -- Accepting Unvalidated Data; A Simple SQLi Example; Testing for SQLi With Sqlmap -- Where to Find It and How to Verify It; Google Dorks for SQLi; Validating a Dork; Scanning for SQLi With Arachni; Going Beyond Defaults; Writing a Wrapper Script |
505 | 8 |
▼a NoSQL Injection -- Injecting Malformed MongoDB Queries; SQLi -- An End-to-End Example; Gathering Report Information; Category; Timestamps; URL; Payload; Methodology; Instructions to Reproduce; Attack Scenario; Final Report; Summary; Questions; Further Reading; Chapter 6: CSRF and Insecure Session Authentication; Technical Requirements; Building and Using CSRF PoCs; Creating a CSRF PoC Code Snippet; Validating Your CSRF PoC; Creating Your CSRF PoC Programmatically; CSRF -- An End-to-End Example; Gathering Report Information; Category; Timestamps; URL; Payload; Methodology; Instructions to Reproduce |
520 | |
▼a Bug bounties have quickly become a critical part of the security economy. This book shows you how technical professionals with an interest in security can begin productively--and profitably--participating in bug bounty programs. |
588 | 0 |
▼a Online resource; title from PDF title page (EBSCO, viewed October 16, 2018). |
590 | |
▼a Master record variable field(s) change: 050, 072, 082, 650 |
650 | 0 |
▼a Computer networks
▼x Security measures. |
650 | 0 |
▼a World Wide Web
▼x Security measures. |
650 | 0 |
▼a Application software. |
650 | 7 |
▼a COMPUTERS / General.
▼2 bisacsh |
655 | 4 |
▼a Electronic books. |
776 | 08 |
▼i Print version:
▼a Marshall, Joseph
▼t Hands-On Bug Hunting for Penetration Testers : A Practical Guide to Help Ethical Hackers Discover Web Application Security Flaws
▼d Birmingham : Packt Publishing Ltd,c2018
▼z 9781789344202 |
856 | 40 |
▼3 EBSCOhost
▼u http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=1892711 |
938 | |
▼a EBL - Ebook Library
▼b EBLB
▼n EBL5516318 |
938 | |
▼a EBSCOhost
▼b EBSC
▼n 1892711 |
990 | |
▼a ***1008102 |
991 | |
▼a E-BOOK |
994 | |
▼a 92
▼b N$T |