Real-World Bug Hunting: A Field Guide to Web Hacking
Provisional Chinese title: 實戰漏洞狩獵:網路駭客實用指南

Yaworski, Peter

Product description

Uses real-world bug reports (in this case, vulnerabilities in web applications) to teach programmers and InfoSec professionals how to discover vulnerabilities in web applications and how to protect against them.

Real-World Bug Hunting is a field guide to finding software bugs. Ethical hacker Peter Yaworski breaks down common types of bugs, then contextualizes them with real bug bounty reports filed by hackers against companies such as Twitter, Facebook, Google, Uber, and Starbucks. As you read each report, you'll gain deeper insight into how the vulnerabilities work and how you might find similar ones.

Each chapter begins with an explanation of a vulnerability type, then moves into a series of real bug bounty reports that show how the bugs were found. You'll learn things like how Cross-Site Request Forgery tricks users into unknowingly submitting requests to websites they are logged into; how to deliver unsafe JavaScript to a page to execute Cross-Site Scripting; how to access another user's data via Insecure Direct Object References; how to trick websites into disclosing information with Server Side Request Forgery; and how bugs in application logic can lead to serious vulnerabilities. Yaworski also shares advice on how to write effective vulnerability reports and develop relationships with bug bounty programs, and recommends hacking tools that can make the job a little easier.

About the author

Peter Yaworski is a self-taught developer and ethical hacker who began building websites exclusively with Drupal. Since then, he has expanded his interest to Rails, Android app development, and software security, while producing over 100 video tutorials and interviews on YouTube covering ethical hacking, web development, and Android to help teach others what he's learned. Peter continues to be an active bug bounty participant with thanks from Shopify, HackerOne, Salesforce, Twitter, Starbucks and the US Department of Defense among others.
