Attacking and Exploiting Modern Web Applications

Download or Read eBook Attacking and Exploiting Modern Web Applications PDF written by Simone Onofri and published by Packt Publishing Ltd. This book was released on 2023-08-25 with total page 338 pages. Available in PDF, EPUB and Kindle.
Attacking and Exploiting Modern Web Applications
Author :
Publisher : Packt Publishing Ltd
Total Pages : 338
Release :
ISBN-10 : 9781801811965
ISBN-13 : 1801811962
Rating : 4/5 (65 Downloads)

Book Synopsis Attacking and Exploiting Modern Web Applications by : Simone Onofri

Book excerpt: Master the art of web exploitation with real-world techniques on SAML, WordPress, IoT, ElectronJS, and Ethereum smart contracts Purchase of the print or Kindle book includes a free PDF eBook Key Features Learn how to detect vulnerabilities using source code, dynamic analysis, and decompiling binaries Find and exploit vulnerabilities such as SQL Injection, XSS, Command Injection, RCE, and Reentrancy Analyze real-world security incidents based on MITRE ATT&CK to understand the risk at the CISO level Book DescriptionWeb attacks and exploits pose an ongoing threat to the interconnected world. This comprehensive book explores the latest challenges in web application security, providing you with an in-depth understanding of hackers' methods and the practical knowledge and skills needed to effectively understand web attacks. The book starts by emphasizing the importance of mindset and toolset in conducting successful web attacks. You’ll then explore the methodologies and frameworks used in these attacks, and learn how to configure the environment using interception proxies, automate tasks with Bash and Python, and set up a research lab. As you advance through the book, you’ll discover how to attack the SAML authentication layer; attack front-facing web applications by learning WordPress and SQL injection, and exploit vulnerabilities in IoT devices, such as command injection, by going through three CTFs and learning about the discovery of seven CVEs. Each chapter analyzes confirmed cases of exploitation mapped with MITRE ATT&CK. You’ll also analyze attacks on Electron JavaScript-based applications, such as XSS and RCE, and the security challenges of auditing and exploiting Ethereum smart contracts written in Solidity. Finally, you’ll find out how to disclose vulnerabilities. By the end of this book, you’ll have enhanced your ability to find and exploit web vulnerabilities.What you will learn Understand the mindset, methodologies, and toolset needed to carry out web attacks Discover how SAML and SSO work and study their vulnerabilities Get to grips with WordPress and learn how to exploit SQL injection Find out how IoT devices work and exploit command injection Familiarize yourself with ElectronJS applications and transform an XSS to an RCE Discover how to audit Solidity’s Ethereum smart contracts Get the hang of decompiling, debugging, and instrumenting web applications Who this book is for This book is for anyone whose job role involves ensuring their organization's security – penetration testers and red teamers who want to deepen their knowledge of the current security challenges for web applications, developers and DevOps professionals who want to get into the mindset of an attacker; and security managers and CISOs looking to truly understand the impact and risk of web, IoT, and smart contracts. Basic knowledge of web technologies, as well as related protocols is a must.


Attacking and Exploiting Modern Web Applications Related Books

Attacking and Exploiting Modern Web Applications
Language: en
Pages: 338
Authors: Simone Onofri
Categories: Computers
Type: BOOK - Published: 2023-08-25 - Publisher: Packt Publishing Ltd

DOWNLOAD EBOOK

Master the art of web exploitation with real-world techniques on SAML, WordPress, IoT, ElectronJS, and Ethereum smart contracts Purchase of the print or Kindle
Web Application Security
Language: en
Pages: 330
Authors: Andrew Hoffman
Categories: Computers
Type: BOOK - Published: 2020-03-02 - Publisher: O'Reilly Media

DOWNLOAD EBOOK

While many resources for network and IT security are available, detailed knowledge regarding modern web application security has been lacking—until now. This
The Web Application Hacker's Handbook
Language: en
Pages: 770
Authors: Dafydd Stuttard
Categories: Computers
Type: BOOK - Published: 2011-03-16 - Publisher: John Wiley & Sons

DOWNLOAD EBOOK

This book is a practical guide to discovering and exploiting security flaws in web applications. The authors explain each category of vulnerability using real-w
Mastering Modern Web Penetration Testing
Language: en
Pages: 298
Authors: Prakhar Prasad
Categories: Computers
Type: BOOK - Published: 2016-10-28 - Publisher: Packt Publishing Ltd

DOWNLOAD EBOOK

Master the art of conducting modern pen testing attacks and techniques on your web application before the hacker does! About This Book This book covers the late
The Tangled Web
Language: en
Pages: 324
Authors: Michal Zalewski
Categories: Computers
Type: BOOK - Published: 2011-11-15 - Publisher: No Starch Press

DOWNLOAD EBOOK

Modern web applications are built on a tangle of technologies that have been developed over time and then haphazardly pieced together. Every piece of the web ap