Bug Bounty Hunting for Web Security: Find and Exploit Vulnerabilities in Web Sites and Applications

Sinha, Sanjib

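  • Publisher: Apress
  • Publication date: 2019-11-13
  • Price: $1,680
  • VIP price: $1,596 (95% of list price)
  • Language: English
  • Pages: 225
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1484253906
  • ISBN-13: 9781484253908
  • Related categories: Information Security
  • Overseas purchase-on-demand book (requires separate checkout)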

Product Description

Start with the basics of bug hunting and learn more about implementing an offensive approach by finding vulnerabilities in web applications. Getting an introduction to Kali Linux, you will take a close look at the types of tools available to you and move on to set up your virtual lab. You will then discover how request forgery injection works on web pages and applications in a mission-critical setup. Moving on to the most challenging task for any web application, you will take a look at how cross-site scripting works and find out about effective ways to exploit it.

You will then learn about header injection and URL redirection along with key tips to find vulnerabilities in them. Keeping in mind how attackers can deface your website, you will work with malicious files and automate your approach to defend against these attacks. Moving on to Sender Policy Framework (SPF), you will see tips to find vulnerabilities in it and exploit them. Following this, you will get to know how unintended XML injection and command injection work to keep attackers at bay. Finally, you will examine different attack vectors used to exploit HTML and SQL injection. Overall, Bug Bounty Hunting for Web Security will help you become a better penetration tester and at the same time it will teach you how to earn bounty by hunting bugs in web applications.

What You Will Learn

  • Implement an offensive approach to bug hunting
  • Create and manage request forgery on web pages
  • Poison Sender Policy Framework and exploit it
  • Defend against cross-site scripting (XSS) attacks
  • Inject headers and test URL redirection
  • Work with malicious files and command injection
  • Resist strongly unintended XML attacks

Who This Book Is For
White-hat hacking enthusiasts who are new to bug hunting and are interested in understanding the core concepts.

About the Author

Sanjib Sinha is an author and tech writer. Being a certified .NET Windows and web developer, he has specialized in Python security programming, Linux, and many programming languages that include C#, PHP, Python, Dart, Java, and JavaScript. Sanjib has also won Microsoft's Community Contributor Award in 2011 and he has written Beginning Ethical Hacking with Python, Beginning Ethical Hacking with Kali Linux, and two editions of Beginning Laravel for Apress.
