Hands-On Bug Hunting for Penetration Testers: A practical guide to help ethical hackers discover web application security flaws


Detailed walkthroughs of how to discover, test, and document common web application vulnerabilities.

Key Features

  • Learn how to test for common bugs
  • Discover tools and methods for hacking ethically
  • Practice working through pentesting engagements step-by-step

Book Description

Bug bounties have quickly become a critical part of the security economy. This book shows you how technical professionals with an interest in security can begin productively, and profitably, participating in bug bounty programs.

You will learn about SQLi, NoSQLi, XSS, XXE, and other forms of code injection. You'll see how to create CSRF PoC HTML snippets, how to discover hidden content (and what to do with it once it's found), and how to create the tools for automated pentesting workflows.

Then, you'll format all of this information within the context of a bug report that will have the greatest chance of earning you cash.

With detailed walkthroughs that cover discovering, testing, and reporting vulnerabilities, this book is ideal for aspiring security professionals. You should come away from this work with the skills you need to not only find the bugs you're looking for, but also the best bug bounty programs to participate in, and how to grow your skills moving forward in freelance security research.

What you will learn

  • Choose what bug bounty programs to engage in
  • Understand how to minimize your legal liability and hunt for bugs ethically
  • See how to take notes that will make compiling your submission report easier
  • Know how to take an XSS vulnerability from discovery to verification, and report submission
  • Automate CSRF PoC generation with Python
  • Leverage Burp Suite for CSRF detection
  • Use WP Scan and other tools to find vulnerabilities in WordPress, Django, and Ruby on Rails applications
  • Write your report in a way that will earn you the maximum amount of money

Who this book is for

This book is written for developers, hobbyists, pentesters, and anyone with an interest (and a little experience) in web application security.

Table of Contents

  1. Joining the Hunt
  2. Choosing Your Hunting Ground
  3. Preparing for an Engagement
  4. Unsanitized Data; An XSS Case Study
  5. SQL, Code Injection, and Scanners
  6. CSRF and Insecure Session Authentication
  7. Detecting XML External Entities
  8. Access Control and Security Through Obscurity
  9. Framework and Application-Specific Vulnerabilities
  10. Formatting Your Report
  11. Other Tools
  12. Other (Out of Scope) Vulnerabilities
  13. Going Further
  14. Assessment

Burp Suite Cookbook: Practical recipes to help you master web penetration testing with Burp Suite

Get hands-on experience of using Burp Suite to execute attacks and perform web assessments

Key Features

  • Use tools in Burp Suite to meet your web infrastructure security demands
  • Configure Burp to fine-tune the suite of tools specific to the target
  • Use Burp...
WordPress 24-Hour Trainer

The easy, self-paced guide to the powerful WordPress platform WordPress 24-Hour Trainer, 3rd Edition provides a comprehensive, unique book-and-video package that focuses on the practical, everyday tasks you will face when creating and maintaining WordPress websites.

This easy-to-use, friendly guide will show you how to create
...

Cybersecurity Law

A definitive guide to cybersecurity law

Expanding on the author’s experience as a cybersecurity lawyer and law professor, Cybersecurity Law is the definitive guide to cybersecurity law, with an in-depth analysis of U.S. and international laws that apply to data security, data breaches, sensitive information...


Hacking the Hacker: Learn From the Experts Who Take Down Hackers

Meet the world's top ethical hackers and explore the tools of the trade

Hacking the Hacker takes you inside the world of cybersecurity to show you what goes on behind the scenes, and introduces you to the men and women on the front lines of this technological arms race. Twenty-six of the world's top white hat...

Metasploit Penetration Testing Cookbook - Third Edition: Evade antiviruses, bypass firewalls, and exploit complex environments with the most widely used penetration testing framework

Over 100 recipes for penetration testing using Metasploit and virtual machines

Key Features

  • Special focus on the latest operating systems, exploits, and penetration testing techniques
  • Learn new anti-virus evasion techniques and use Metasploit to evade countermeasures
  • ...
Advanced Infrastructure Penetration Testing: Defend your systems from methodized and proficient attackers

A highly detailed guide to performing powerful attack vectors in many hands-on scenarios and defending significant security flaws in your company's infrastructure

Key Features

  • Advanced exploitation techniques to breach modern operating systems and complex network devices
  • ...