Becoming the Hacker
Latest chapter:
Index
Becoming the Hacker will teach you how to approach web penetration testing with an attacker's mindset. While testing web applications for performance is common, the ever-changing threat landscape makes security testing much more difficult for the defender. There are many web application tools that claim to provide a complete survey and defense against potential threats, but they must be analyzed in line with the security needs of each web application or service. We must understand how an attacker approaches a web application and the implications of breaching its defenses. Through the first part of the book, Adrian Pruteanu walks you through commonly encountered vulnerabilities and how to take advantage of them to achieve your goal. The latter part of the book shifts gears and puts the newly learned techniques into practice, going over scenarios where the target may be a popular content management system or a containerized application and its network. Becoming the Hacker is a clear guide to web application security from an attacker's point of view, from which both sides can benefit.
Table of contents (92 chapters)
- Cover
- Copyright page
- Why subscribe?
- Packt.com
- Contributors
- About the author
- About the reviewer
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Get in touch
- Chapter 1. Introduction to Attacking Web Applications
- Rules of engagement
- The tester's toolkit
- The attack proxy
- Cloud infrastructure
- Resources
- Exercises
- Summary
- Chapter 2. Efficient Discovery
- Types of assessments
- Target mapping
- Efficient brute-forcing
- Polyglot payloads
- Resources
- Exercises
- Summary
- Chapter 3. Low-Hanging Fruit
- Network assessment
- A better way to shell
- Cleaning up
- Resources
- Summary
- Chapter 4. Advanced Brute-forcing
- Password spraying
- Behind seven proxies
- Summary
- Chapter 5. File Inclusion Attacks
- RFI
- LFI
- File inclusion to remote code execution
- More file upload issues
- Summary
- Chapter 6. Out-of-Band Exploitation
- A common scenario
- Command and control
- Let’s Encrypt Communication
- INet simulation
- The confirmation
- Async data exfiltration
- Data inference
- Summary
- Chapter 7. Automated Testing
- Extending Burp
- Obfuscating code
- Burp Collaborator
- Summary
- Chapter 8. Bad Serialization
- Abusing deserialization
- Attacking custom protocols
- Summary
- Chapter 9. Practical Client-Side Attacks
- SOP
- Cross-origin resource sharing
- XSS
- CSRF
- BeEF
- Summary
- Chapter 10. Practical Server-Side Attacks
- Internal and external references
- XXE attacks
- Summary
- Chapter 11. Attacking APIs
- API communication protocols
- API authentication
- Postman
- Attack considerations
- Summary
- Chapter 12. Attacking CMS
- Application assessment
- Backdooring the code
- Summary
- Chapter 13. Breaking Containers
- Vulnerable Docker scenario
- Foothold
- Situational awareness
- Container breakout
- Summary
- Leave a review - let other readers know what you think
- Index (updated: 2021-06-11 13:39:21)