買這商品的人也買了...
-
趣學演算法|50種必學演算法的完美圖解與應用實作$580$493 -
Real-World Bug Hunting: A Field Guide to Web Hacking$1,360$1,292 -
$1,403Practices of the Python Pro -
$811Rust 權威指南 (The Rust Programming Language (Covers Rust 2018)) -
再強一點:用 Go語言完成六個大型專案$780$663 -
Introduction to Compiler Design: An Object-Oriented Approach Using Java(R)$1,520$1,444 -
Elasticsearch 權威指南$479$455 -
$1,485Network Programming with Go: Learn to Code Secure and Reliable Network Services from Scratch -
Python 技術者們 -- 實踐!帶你一步一腳印由初學到精通, 2/e$650$514 -
$505自動化測試實戰 -- 基於 TestNG \ JUnit \ Robot Framework \ Selenium -
Reinforcement Learning|強化學習深度解析 (繁體中文版) (Reinforcement Learning: An Introduction, 2/e)$1,200$948 -
Windows APT Warfare:惡意程式前線戰術指南$600$468 -
軟件架構設計 : 程序員向架構師轉型必備, 2/e$414$393 -
$653重學 Java 設計模式 -
$663算法訓練營:海量圖解 + 競賽刷題 (進階篇) -
$551瘋狂 Java 面試講義 — 數據結構、算法與技術素養 -
$1,485Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -
跟著 Docker 隊長,修練 22天就精通 - 搭配 20小時作者線上教學,無縫接軌 Microservices、Cloud-native、Serverless、DevOps 開發架構$880$695 -
設計重構:25個管理技術債的技巧消除軟體設計臭味 (Refactoring for Software Design Smells: Managing Technical Debt)$520$406 -
WebSecurity 網站滲透測試:Burp Suite 完全學習指南 (iT邦幫忙鐵人賽系列書)$600$468 -
Real-World Cryptography$1,980$1,881 -
Python 出神入化:Clean Coder 才懂的 Pythonic 技法,為你的程式碼畫龍點睛! (Clean Code in Python, 2/e)$720$562 -
Java 學習手冊, 5/e (Learning Java: An Introduction to Real-World Programming with Java, 5/e)$780$616 -
黑帽 Python|給駭客與滲透測試者的 Python 開發指南, 2/e (Black Hat Python : Python Programming for Hackers and Pentesters, 2/e)$450$356 -
Spring REST API 開發與測試指南|使用 Swagger、HATEOAS、JUnit、Mockito、PowerMock、Spring Test$580$458
商品描述
Start with the basics of bug hunting and learn more about implementing an offensive approach by finding vulnerabilities in web applications. Getting an introduction to Kali Linux, you will take a close look at the types of tools available to you and move on to set up your virtual lab. You will then discover how request forgery injection works on web pages and applications in a mission-critical setup. Moving on to the most challenging task for any web application, you will take a look at how cross-site scripting works and find out about effective ways to exploit it.
You will then learn about header injection and URL redirection along with key tips to find vulnerabilities in them. Keeping in mind how attackers can deface your website, you will work with malicious files and automate your approach to defend against these attacks. Moving on to Sender Policy Framework (SPF), you will see tips to find vulnerabilities in it and exploit them. Following this, you will get to know how unintended XML injection and command injection work to keep attackers at bay. Finally, you will examine different attack vectors used to exploit HTML and SQL injection. Overall, Bug Bounty Hunting for Web Security will help you become a better penetration tester and at the same time it will teach you how to earn bounty by hunting bugs in web applications.
What You Will Learn
- Implement an offensive approach to bug hunting Create and manage request forgery on web pages
- Poison Sender Policy Framework and exploit it Defend against cross-site scripting (XSS) attacks
- Inject headers and test URL redirection Work with malicious files and command injection
- Resist strongly unintended XML attacks
Who This Book Is For
White-hat hacking enthusiasts who are new to bug hunting and are interested in understanding the core concepts.
作者簡介
Sanjib Sinha is an author and tech writer. Being a certified .NET Windows and web developer, he has specialized in Python security programming, Linux, and many programming languages that include C#, PHP, Python, Dart, Java, and JavaScript. Sanjib has also won Microsoft's Community Contributor Award in 2011 and he has written Beginning Ethical Hacking with Python, Beginning Ethical Hacking with Kali Linux, and two editions of Beginning Laravel for Apress.
