Real-world bug hunting : a field guide to web hacking

Author: Peter Yaworski
Publisher: San Francisco : No Starch Press, 2019.
Edition/Format: eBook : Document : English


Details

Genre/Form: Electronic books
Additional Physical Format: Print version:
Yaworski, Peter, author.
Real-world bug hunting
San Francisco : No Starch Press, 2019
(DLC) 2018060556
Material Type: Document, Internet resource
Document Type: Internet Resource, Computer File
All Authors / Contributors: Peter Yaworski
ISBN: 1593278624 9781593278625
OCLC Number: 1081338218
Description: 1 online resource
Contents:
Intro; Brief Contents; Contents in Detail; Foreword; Acknowledgments
Introduction: Who Should Read This Book; How to Read This Book; What's in This Book; A Disclaimer About Hacking
Chapter 1: Bug Bounty Basics; Vulnerabilities and Bug Bounties; Client and Server; What Happens When You Visit a Website; Step 1: Extracting the Domain Name; Step 2: Resolving an IP Address; Step 3: Establishing a TCP Connection; Step 4: Sending an HTTP Request; Step 5: Server Response; Step 6: Rendering the Response; HTTP Requests; Request Methods; HTTP Is Stateless; Summary
Chapter 2: Open Redirect; How Open Redirects Work; Shopify Theme Install Open Redirect; Takeaways; Shopify Login Open Redirect; Takeaways; HackerOne Interstitial Redirect; Takeaways; Summary
Chapter 3: HTTP Parameter Pollution; Server-Side HPP; Client-Side HPP; HackerOne Social Sharing Buttons; Takeaways; Twitter Unsubscribe Notifications; Takeaways; Twitter Web Intents; Takeaways; Summary
Chapter 4: Cross-Site Request Forgery; Authentication; CSRF with GET Requests; CSRF with POST Requests; Defenses Against CSRF Attacks; Shopify Twitter Disconnect; Takeaways; Change Users Instacart Zones; Takeaways; Badoo Full Account Takeover; Takeaways; Summary
Chapter 5: HTML Injection and Content Spoofing; Coinbase Comment Injection Through Character Encoding; Takeaways; HackerOne Unintended HTML Inclusion; Takeaways; HackerOne Unintended HTML Include Fix Bypass; Takeaways; Within Security Content Spoofing; Takeaways; Summary
Chapter 6: Carriage Return Line Feed Injection; HTTP Request Smuggling; v.shopify.com Response Splitting; Takeaways; Twitter HTTP Response Splitting; Takeaways; Summary
Chapter 7: Cross-Site Scripting; Types of XSS; Shopify Wholesale; Takeaways; Shopify Currency Formatting; Takeaways; Yahoo! Mail Stored XSS; Takeaways; Google Image Search; Takeaways; Google Tag Manager Stored XSS; Takeaways; United Airlines XSS; Takeaways; Summary
Chapter 8: Template Injections; Server-Side Template Injections; Client-Side Template Injections; Uber AngularJS Template Injection; Takeaways; Uber Flask Jinja2 Template Injection; Takeaways; Rails Dynamic Render; Takeaways; Unikrn Smarty Template Injection; Takeaways; Summary
Chapter 9: SQL Injection; SQL Databases; Countermeasures Against SQLi; Yahoo! Sports Blind SQLi; Takeaways; Uber Blind SQLi; Takeaways; Drupal SQLi; Takeaways
Responsibility: Peter Yaworski.

Abstract:

"Uses real-world bug reports (vulnerabilities in software or in this case web applications) to teach programmers and InfoSec professionals how to discover and protect vulnerabilities in web applications. Real-World Bug Hunting is a field guide to finding software bugs. Ethical hacker Peter Yaworski breaks down common types of bugs, then contextualizes them with real bug bounty reports released by hackers on companies like Twitter, Facebook, Google, Uber, and Starbucks. As you read each report, you'll gain deeper insight into how the vulnerabilities work and how you might find similar ones. Each chapter begins with an explanation of a vulnerability type, then moves into a series of real bug bounty reports that show how the bugs were found. You'll learn things like how Cross-Site Request Forgery tricks users into unknowingly submitting information to websites they are logged into; how to pass along unsafe JavaScript to execute Cross-Site Scripting; how to access another user's data via Insecure Direct Object References; how to trick websites into disclosing information with Server Side Request Forgeries; and how bugs in application logic can lead to pretty serious vulnerabilities. Yaworski also shares advice on how to write effective vulnerability reports and develop relationships with bug bounty programs, as well as recommends hacking tools that can make the job a little easier"--


Linked Data


Primary Entity

<http://www.worldcat.org/oclc/1081338218> # Real-world bug hunting : a field guide to web hacking
    a schema:Book, schema:MediaObject, schema:CreativeWork ;
    library:oclcnum "1081338218" ;
    library:placeOfPublication <http://id.loc.gov/vocabulary/countries/cau> ;
    schema:about <http://experiment.worldcat.org/entity/work/data/5446089131#Topic/web_sites_testing> ; # Web sites--Testing
    schema:about <http://experiment.worldcat.org/entity/work/data/5446089131#Topic/penetration_testing_computer_security> ; # Penetration testing (Computer security)
    schema:about <http://experiment.worldcat.org/entity/work/data/5446089131#Topic/computers_security_general> ; # COMPUTERS / Security / General
    schema:about <http://experiment.worldcat.org/entity/work/data/5446089131#Topic/computers_networking_security> ; # COMPUTERS / Networking / Security
    schema:about <http://experiment.worldcat.org/entity/work/data/5446089131#Topic/debugging_in_computer_science> ; # Debugging in computer science
    schema:about <http://dewey.info/class/004.24/e23/> ;
    schema:about <http://experiment.worldcat.org/entity/work/data/5446089131#Topic/computers_security_viruses> ; # COMPUTERS / Security / Viruses
    schema:author <http://experiment.worldcat.org/entity/work/data/5446089131#Person/yaworski_peter> ; # Peter Yaworski
    schema:bookFormat schema:EBook ;
    schema:datePublished "2019" ;
    schema:description "Intro; Brief Contents; Contents in Detail; Foreword; Acknowledgments; Introduction; Who Should Read This Book; How to Read This Book; What's in This Book; A Disclaimer About Hacking; Chapter 1: Bug Bounty Basics; Vulnerabilities and Bug Bounties; Client and Server; What Happens When You Visit a Website; Step 1: Extracting the Domain Name; Step 2: Resolving an IP Address; Step 3: Establishing a TCP Connection; Step 4: Sending an HTTP Request; Step 5: Server Response; Step 6: Rendering the Response; HTTP Requests; Request Methods; HTTP Is Stateless; Summary; Chapter 2: Open Redirect"@en ;
    schema:description ""Uses real-world bug reports (vulnerabilities in software or in this case web applications) to teach programmers and InfoSec professionals how to discover and protect vulnerabilities in web applications. Real-World Bug Hunting is a field guide to finding software bugs. Ethical hacker Peter Yaworski breaks down common types of bugs, then contextualizes them with real bug bounty reports released by hackers on companies like Twitter, Facebook, Google, Uber, and Starbucks. As you read each report, you'll gain deeper insight into how the vulnerabilities work and how you might find similar ones. Each chapter begins with an explanation of a vulnerability type, then moves into a series of real bug bounty reports that show how the bugs were found. You'll learn things like how Cross-Site Request Forgery tricks users into unknowingly submitting information to websites they are logged into; how to pass along unsafe JavaScript to execute Cross-Site Scripting; how to access another user's data via Insecure Direct Object References; how to trick websites into disclosing information with Server Side Request Forgeries; and how bugs in application logic can lead to pretty serious vulnerabilities. Yaworski also shares advice on how to write effective vulnerability reports and develop relationships with bug bounty programs, as well as recommends hacking tools that can make the job a little easier"--"@en ;
    schema:exampleOfWork <http://worldcat.org/entity/work/id/5446089131> ;
    schema:genre "Electronic books"@en ;
    schema:inLanguage "en" ;
    schema:isSimilarTo <http://worldcat.org/entity/work/data/5446089131#CreativeWork/real_world_bug_hunting> ;
    schema:name "Real-world bug hunting : a field guide to web hacking"@en ;
    schema:productID "1081338218" ;
    schema:url <http://proquest.safaribooksonline.com/?fpi=9781098122508> ;
    schema:url <http://public.ebookcentral.proquest.com/choice/publicfullrecord.aspx?p=5851213> ;
    schema:url <https://rbdigital.rbdigital.com> ;
    schema:url <http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=1536463> ;
    schema:workExample <http://worldcat.org/isbn/9781593278625> ;
    wdrs:describedby <http://www.worldcat.org/title/-/oclc/1081338218> ;
    .


Related Entities

<http://experiment.worldcat.org/entity/work/data/5446089131#Person/yaworski_peter> # Peter Yaworski
    a schema:Person ;
    schema:familyName "Yaworski" ;
    schema:givenName "Peter" ;
    schema:name "Peter Yaworski" ;
    .

<http://experiment.worldcat.org/entity/work/data/5446089131#Topic/computers_networking_security> # COMPUTERS / Networking / Security
    a schema:Intangible ;
    schema:name "COMPUTERS / Networking / Security"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/5446089131#Topic/computers_security_general> # COMPUTERS / Security / General
    a schema:Intangible ;
    schema:name "COMPUTERS / Security / General"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/5446089131#Topic/computers_security_viruses> # COMPUTERS / Security / Viruses
    a schema:Intangible ;
    schema:name "COMPUTERS / Security / Viruses"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/5446089131#Topic/debugging_in_computer_science> # Debugging in computer science
    a schema:Intangible ;
    schema:name "Debugging in computer science"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/5446089131#Topic/penetration_testing_computer_security> # Penetration testing (Computer security)
    a schema:Intangible ;
    schema:name "Penetration testing (Computer security)"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/5446089131#Topic/web_sites_testing> # Web sites--Testing
    a schema:Intangible ;
    schema:name "Web sites--Testing"@en ;
    .

<http://worldcat.org/entity/work/data/5446089131#CreativeWork/real_world_bug_hunting>
    a schema:CreativeWork ;
    rdfs:label "Real-world bug hunting" ;
    schema:description "Print version:" ;
    schema:isSimilarTo <http://www.worldcat.org/oclc/1081338218> ; # Real-world bug hunting : a field guide to web hacking
    .

<http://worldcat.org/isbn/9781593278625>
    a schema:ProductModel ;
    schema:isbn "1593278624" ;
    schema:isbn "9781593278625" ;
    .

