Bug Bounty Hunting for Web Security: Find and Exploit Vulnerabilities in Web Sites and Applications
Provisional Chinese-edition title (translated): Vulnerability Hunting for Web Security: Discover and Exploit Vulnerabilities in Websites and Applications

Sinha, Sanjib

  • Publisher: Apress
  • Publication date: 2019-11-13
  • List price: $2,040
  • Member price: 95% of list, $1,938
  • Language: English
  • Pages: 225
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1484253906
  • ISBN-13: 9781484253908
  • Category: Information security
  • Imported title (ordered and paid for separately)

Product description

Start with the basics of bug hunting and learn more about implementing an offensive approach by finding vulnerabilities in web applications. Getting an introduction to Kali Linux, you will take a close look at the types of tools available to you and move on to set up your virtual lab. You will then discover how request forgery injection works on web pages and applications in a mission-critical setup. Moving on to the most challenging task for any web application, you will take a look at how cross-site scripting works and find out about effective ways to exploit it.

You will then learn about header injection and URL redirection along with key tips to find vulnerabilities in them. Keeping in mind how attackers can deface your website, you will work with malicious files and automate your approach to defend against these attacks. Moving on to Sender Policy Framework (SPF), you will see tips to find vulnerabilities in it and exploit them. Following this, you will get to know how unintended XML injection and command injection work to keep attackers at bay. Finally, you will examine different attack vectors used to exploit HTML and SQL injection. Overall, Bug Bounty Hunting for Web Security will help you become a better penetration tester and at the same time it will teach you how to earn bounty by hunting bugs in web applications.

What You Will Learn

  • Implement an offensive approach to bug hunting
  • Create and manage request forgery on web pages
  • Poison Sender Policy Framework and exploit it
  • Defend against cross-site scripting (XSS) attacks
  • Inject headers and test URL redirection
  • Work with malicious files and command injection
  • Defend strongly against unintended XML attacks

Who This Book Is For
White-hat hacking enthusiasts who are new to bug hunting and are interested in understanding the core concepts.


About the author

Sanjib Sinha is an author and tech writer. Being a certified .NET Windows and web developer, he has specialized in Python security programming, Linux, and many programming languages that include C#, PHP, Python, Dart, Java, and JavaScript. Sanjib has also won Microsoft's Community Contributor Award in 2011 and he has written Beginning Ethical Hacking with Python, Beginning Ethical Hacking with Kali Linux, and two editions of Beginning Laravel for Apress.
