Becoming the Hacker
Latest chapter:
Index
Becoming the Hacker will teach you how to approach web penetration testing with an attacker's mindset. While testing web applications for performance is common, the ever-changing threat landscape makes security testing much more difficult for the defender. There are many web application tools that claim to provide a complete survey and defense against potential threats, but they must be analyzed in line with the security needs of each web application or service. We must understand how an attacker approaches a web application and the implications of breaching its defenses. Through the first part of the book, Adrian Pruteanu walks you through commonly encountered vulnerabilities and how to take advantage of them to achieve your goal. The latter part of the book shifts gears and puts the newly learned techniques into practice, going over scenarios where the target may be a popular content management system or a containerized application and its network. Becoming the Hacker is a clear guide to web application security from an attacker's point of view, from which both sides can benefit.
Table of contents (92 chapters)
- Cover
- Copyright page
- Why subscribe?
- Packt.com
- Contributors
- About the author
- About the reviewer
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Get in touch
- Chapter 1. Introduction to Attacking Web Applications
- Rules of engagement
- The tester's toolkit
- The attack proxy
- Cloud infrastructure
- Resources
- Exercises
- Summary
- Chapter 2. Efficient Discovery
- Types of assessments
- Target mapping
- Efficient brute-forcing
- Polyglot payloads
- Resources
- Exercises
- Summary
- Chapter 3. Low-Hanging Fruit
- Network assessment
- A better way to shell
- Cleaning up
- Resources
- Summary
- Chapter 4. Advanced Brute-forcing
- Password spraying
- Behind seven proxies
- Summary
- Chapter 5. File Inclusion Attacks
- RFI
- LFI
- File inclusion to remote code execution
- More file upload issues
- Summary
- Chapter 6. Out-of-Band Exploitation
- A common scenario
- Command and control
- Let’s Encrypt Communication
- INet simulation
- The confirmation
- Async data exfiltration
- Data inference
- Summary
- Chapter 7. Automated Testing
- Extending Burp
- Obfuscating code
- Burp Collaborator
- Summary
- Chapter 8. Bad Serialization
- Abusing deserialization
- Attacking custom protocols
- Summary
- Chapter 9. Practical Client-Side Attacks
- SOP
- Cross-origin resource sharing
- XSS
- CSRF
- BeEF
- Summary
- Chapter 10. Practical Server-Side Attacks
- Internal and external references
- XXE attacks
- Summary
- Chapter 11. Attacking APIs
- API communication protocols
- API authentication
- Postman
- Attack considerations
- Summary
- Chapter 12. Attacking CMS
- Application assessment
- Backdooring the code
- Summary
- Chapter 13. Breaking Containers
- Vulnerable Docker scenario
- Foothold
- Situational awareness
- Container breakout
- Summary
- Leave a review - let other readers know what you think
- Index (updated: 2021-06-11 13:39:21)