Mastering Modern Web Penetration Testing

Key Features

  • This book covers the latest technologies involved in today's web applications, such as advanced XSS, XSRF, SQL injection, Web API testing, XML attack vectors, OAuth 2.0 security, and more
  • Penetrate and secure your web application using various techniques
  • Get this comprehensive reference guide that provides advanced tricks and tools of the trade for seasoned penetration testers

Book Description

Web penetration testing is a growing, fast-moving, and absolutely critical field in information security. This book walks through modern web application attacks and cutting-edge hacking techniques, building an enhanced knowledge of web application security.

We will cover web hacking techniques so you can explore the attack vectors during penetration tests. The book encompasses the latest technologies such as OAuth 2.0, Web API testing methodologies, and XML vectors used by hackers. Some lesser-discussed attack vectors, such as RPO (relative path overwrite), DOM clobbering, and PHP Object Injection, are also covered in this book.

We'll explain various old-school techniques in depth, such as XSS, CSRF, SQL injection through the ever-dependable SQLMap, and reconnaissance.

Websites nowadays provide APIs to allow integration with third-party applications, thereby exposing a lot of attack surface. We cover testing of these APIs using real-life examples.

This pragmatic guide will be a great benefit and will help you prepare fully secure applications.

What you will learn

  • Get to know the new and less-publicized techniques such as PHP Object Injection and XML-based vectors
  • Work with different security tools to automate most of the redundant tasks
  • See different kinds of newly-designed security headers and how they help to provide security
  • Exploit and detect different kinds of XSS vulnerabilities
  • Protect your web application using filtering mechanisms
  • Understand old school and classic web hacking in depth using SQL Injection, XSS, and CSRF
  • Grasp XML-related vulnerabilities and attack vectors such as XXE and DoS techniques
  • Get to know how to test REST APIs to discover security issues in them

About the Author

Prakhar Prasad is a web application security researcher and penetration tester from India. He has been a successful participant in various bug bounty programs and has discovered security flaws on websites such as Google, Facebook, Twitter, PayPal, Slack, and many more. He secured the tenth position worldwide in the year 2014 on HackerOne's platform. He is OSCP and OSWP certified, which are some of the most widely respected certifications in the information security industry. He occasionally performs training and security assessments for various government, non-government, and educational organizations.

Table of Contents

  1. Common Security Protocols
  2. Information Gathering
  3. Cross-Site Scripting
  4. Cross-Site Request Forgery
  5. Exploiting SQL Injection
  6. File Upload Vulnerabilities
  7. Metasploit and Web
  8. XML Attacks
  9. Emerging Attack Vectors
  10. OAuth 2.0 Security
  11. API Testing Methodology

Penetration Testing Bootcamp

Key Features

  • Get practical demonstrations with in-depth explanations of complex security-related problems
  • Familiarize yourself with the most common web vulnerabilities
  • Get step-by-step guidance on managing testing results and reporting

Book Description

...

Learning Reactive Programming With Java 8

Learn how to use RxJava and its reactive Observables to build fast, concurrent, and powerful applications through detailed examples

About This Book

  • Learn about Java 8's lambdas and what reactive programming is all about, and how these aspects are utilized by RxJava
  • Build fast and...
Elasticsearch: A Complete Guide

End-to-end Search and Analytics

About This Book

  • Solve your data analytics problems with the Elastic Stack
  • Improve your user search experience with Elasticsearch and develop your own Elasticsearch plugins
  • Design your index, configure it, and distribute it ― you'll...

Reactive Programming with Angular and ngrx: Learn to Harness the Power of Reactive Programming with RxJS and ngrx Extensions

Manage your Angular development using Reactive programming. Growing in popularity and now an essential part of any professional web developer's toolkit, Reactive programming can enrich your development and make your code more efficient.

Featuring a core application to explore and build yourself, this book shows you...

From Hacking to Report Writing: An Introduction to Security and Penetration Testing

Learn everything you need to know to become a professional security and penetration tester. It simplifies hands-on security and penetration testing by breaking down each step of the process so that finding vulnerabilities and misconfigurations becomes easy. The book explains how to methodically locate, exploit, and professionally...

Gamification by Design: Implementing Game Mechanics in Web and Mobile Apps

Gamification may be a new term, but the idea of using game-thinking and game mechanics to solve problems and engage audiences isn’t exactly new. The military has been using games and simulations for hundreds (if not thousands) of years, and the U.S. military has been a pioneer in the use of video games across branches. Three...
