Mastering Modern Web Penetration Testing.

Author: Prakhar Prasad; TotalBoox; TBX
Publisher: Packt Publishing, 2016.
Edition/Format: eBook : Document : English
Details

Genre/Form: Security; Web Programming; Networking
Electronic books
Additional Physical Format: Print version: Prasad, Prakhar. Mastering Modern Web Penetration Testing. Birmingham : Packt Publishing, c2016
Material Type: Document, Internet resource
Document Type: Internet Resource, Computer File
All Authors / Contributors: Prakhar Prasad; TotalBoox; TBX
ISBN: 9781785289149 1785289144 9781785284588 1785284584
OCLC Number: 969028167
Description: 1 online resource
Contents:
Cover; Copyright; Credits; About the Author; About the Reviewer; www.PacktPub.com; Table of Contents; Preface
Chapter 1: Common Security Protocols; SOP; Demonstration of the same-origin policy in Google Chrome; Switching origins; Quirks with Internet Explorer; Cross-domain messaging; AJAX and the same-origin policy; CORS; CORS headers; Pre-flight request; Simple request; URL encoding -- percent encoding; Unrestricted characters; Restricted characters; Encoding table; Encoding unrestricted characters; Double encoding; Introducing double encoding; IIS 5.0 directory traversal code execution -- CVE-2001-0333; Using double encoding to evade XSS filters; Base64 encoding; Character set of Base64 encoding; The encoding process; Padding in Base64; Summary
Chapter 2: Information Gathering; Information gathering techniques; Active techniques; Passive techniques; Enumerating Domains, Files, and Resources; Fierce; theHarvester; SubBrute; CeWL; DirBuster; WhatWeb; Maltego; Wolfram Alpha; Shodan; DNSdumpster; Reverse IP Lookup -- YouGetSignal; Pentest-Tools; Google Advanced Search; Summary
Chapter 3: Cross-Site Scripting; Reflected XSS; Demonstrating reflected XSS vulnerability; Reflected XSS -- case study 1; Reflected XSS -- case study 2; Stored XSS; Demonstrating stored XSS; Stored XSS through Markdown; Stored XSS through APIs; Stored XSS through spoofed IP addresses; Flash-based XSS -- ExternalInterface.call(); HttpOnly and secure cookie flags; DOM-based XSS; XSS exploitation -- The BeEF; Setting Up BeEF; Demonstration of the BeEF hook and its components; Logs; Commands; Rider; Xssrays; IPec; Network; Summary
Chapter 4: Cross-Site Request Forgery; Introducing CSRF; Exploiting POST-request based CSRF; How developers prevent CSRF?; PayPal's CSRF vulnerability to change phone numbers; Exploiting CSRF in JSON requests; Using XSS to steal anti-CSRF tokens; Exploring pseudo anti-CSRF tokens; Flash comes to the rescue; Rosetta Flash; Defeating XMLHTTPRequest-based CSRF protection; Summary
Chapter 5: Exploiting SQL Injection; Installation of SQLMap under Kali Linux; Introduction to SQLMap; Injection techniques; Dumping the data -- in an error-based scenario; Interacting with the wizard; Dump everything!; SQLMap and URL rewriting; Speeding up the process!; Multi-threading; NULL connection; HTTP persistent connections; Output prediction; Basic optimization flags; Dumping the data -- in blind and time-based scenarios; Reading and writing files; Checking privileges; Reading files; Writing files; Handling injections in a POST request; SQL injection inside a login-based portal; SQL shell; Command shell; Evasion -- tamper scripts; Configuring with proxies; Summary
Chapter 6: File Upload Vulnerabilities; Introducing file upload vulnerability; Remote code execution; Multi-functional web shells; Netcat accessible reverse shell; The return of XSS; SWF -- the flash; SVG images

Abstract:

Master the art of conducting modern pen testing attacks and techniques on your web application before the hacker does!

About This Book
This book covers the latest technologies such as Advanced XSS, XSRF, SQL Injection, Web API testing, XML attack vectors, OAuth 2.0 Security, and more involved in today's web applications.
Penetrate and secure your web application using various techniques.
Get this comprehensive reference guide that provides advanced tricks and tools of the trade for seasoned penetration testers.

Who This Book Is For
This book is for security professionals and penetration testers who want to speed up their modern web application penetration testing. It will also benefit those at an intermediate level and web developers who need to be aware of the latest application hacking techniques.

What You Will Learn
Get to know the new and less-publicized techniques such as PHP Object Injection and XML-based vectors.
Work with different security tools to automate most of the redundant tasks.
See different kinds of newly designed security headers and how they help to provide security.
Exploit and detect different kinds of XSS vulnerabilities.
Protect your web application using filtering mechanisms.
Understand old school and classic web hacking in depth using SQL Injection, XSS, and CSRF.
Grasp XML-related vulnerabilities and attack vectors such as XXE and DoS techniques.
Get to know how to test REST APIs to discover security issues in them.

In Detail
Web penetration testing is a growing, fast-moving, and absolutely critical field in information security. This book executes modern web application attacks and utilises cutting-edge hacking techniques with an enhanced knowledge of web application security. We will cover web hacking techniques so you can explore the attack vectors during penetration tests. The book encompasses the latest technologies such as OAuth 2.0, Web API testing methodologies and XML vectors used by hackers.
Some lesser discussed attack vectors such as RPO (relative path overwrite), DOM clobbering, PHP Object Injection, etc. have been covered in this book. We'll explain various old school techniques in depth such as XSS, CSRF, SQL Injection through the ever-dependable SQLMap, and reconnaissance. Websites nowadays provide APIs to allow integration with third-party applications, thereby exposing a lot of attack surface; we cover testing of these APIs using real-life examples. This pragmatic guide will be a great benefit and will help you prepare fully secure applications.

Style and approach
This master-level guide covers various techniques serially. It is power-packed with real-world examples that focus more on the practical aspects of implementing the techniques rather than going into detailed theory.

Linked Data


Primary Entity

<http://www.worldcat.org/oclc/969028167> # Mastering Modern Web Penetration Testing.
    a schema:Book, schema:MediaObject, schema:CreativeWork ;
    library:oclcnum "969028167" ;
    schema:about <http://dewey.info/class/005.8/e23/> ;
    schema:about <http://experiment.worldcat.org/entity/work/data/3946099642#Topic/application_software_testing> ; # Application software--Testing
    schema:about <http://experiment.worldcat.org/entity/work/data/3946099642#Topic/penetration_testing> ; # Penetration testing
    schema:author <http://experiment.worldcat.org/entity/work/data/3946099642#Person/prasad_prakhar> ; # Prakhar Prasad
    schema:bookFormat schema:EBook ;
    schema:contributor <http://experiment.worldcat.org/entity/work/data/3946099642#Organization/tbx> ; # TBX,
    schema:contributor <http://experiment.worldcat.org/entity/work/data/3946099642#Organization/totalboox> ; # TotalBoox,
    schema:datePublished "2016" ;
    schema:exampleOfWork <http://worldcat.org/entity/work/id/3946099642> ;
    schema:genre "Security; Web Programming; Networking"@en ;
    schema:genre "Electronic books"@en ;
    schema:inLanguage "en" ;
    schema:isSimilarTo <http://worldcat.org/entity/work/data/3946099642#CreativeWork/mastering_modern_web_penetration_testing> ;
    schema:name "Mastering Modern Web Penetration Testing."@en ;
    schema:productID "969028167" ;
    schema:publication <http://www.worldcat.org/title/-/oclc/969028167#PublicationEvent/packt_publishing2016> ;
    schema:publisher <http://experiment.worldcat.org/entity/work/data/3946099642#Agent/packt_publishing> ; # Packt Publishing
    schema:url <https://nls.ldls.org.uk/welcome.html?ark:/81055/vdc_100037448597.0x000001> ;
    schema:url <http://cdn.totalboox.com/static/covers/PT/6a36971c9517eb21-b.jpg> ;
    schema:url <http://www.totalboox.com/book/id-7653470765778987809> ;
    schema:url <http://ebookcentral.proquest.com/lib/ucm/detail.action?docID=4732044> ;
    schema:url <http://proquest.safaribooksonline.com/9781785284588> ;
    schema:workExample <http://worldcat.org/isbn/9781785289149> ;
    schema:workExample <http://worldcat.org/isbn/9781785284588> ;
    wdrs:describedby <http://www.worldcat.org/title/-/oclc/969028167> ;
    .


Related Entities

<http://experiment.worldcat.org/entity/work/data/3946099642#Agent/packt_publishing> # Packt Publishing
    a bgn:Agent ;
    schema:name "Packt Publishing" ;
    .

<http://experiment.worldcat.org/entity/work/data/3946099642#Person/prasad_prakhar> # Prakhar Prasad
    a schema:Person ;
    schema:familyName "Prasad" ;
    schema:givenName "Prakhar" ;
    schema:name "Prakhar Prasad" ;
    .

<http://experiment.worldcat.org/entity/work/data/3946099642#Topic/application_software_testing> # Application software--Testing
    a schema:Intangible ;
    schema:name "Application software--Testing"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/3946099642#Topic/penetration_testing> # Penetration testing
    a schema:Intangible ;
    schema:name "Penetration testing"@en ;
    .

<http://worldcat.org/entity/work/data/3946099642#CreativeWork/mastering_modern_web_penetration_testing>
    a schema:CreativeWork ;
    rdfs:label "Mastering Modern Web Penetration Testing" ;
    schema:description "Print version:" ;
    schema:isSimilarTo <http://www.worldcat.org/oclc/969028167> ; # Mastering Modern Web Penetration Testing.
    .

<http://worldcat.org/isbn/9781785284588>
    a schema:ProductModel ;
    schema:isbn "1785284584" ;
    schema:isbn "9781785284588" ;
    .

<http://worldcat.org/isbn/9781785289149>
    a schema:ProductModel ;
    schema:isbn "1785289144" ;
    schema:isbn "9781785289149" ;
    .

