Learning Python Web Penetration Testing
Web penetration testing is the use of tools and code to attack a website or web app in order to assess its vulnerability to external threats. While there are an increasing number of sophisticated, ready-made tools to scan systems for vulnerabilities, the use of Python allows you to write system-specific scripts, or alter and extend existing testing tools to find, exploit, and record as many security weaknesses as possible. Learning Python Web Penetration Testing will walk you through the web application penetration testing methodology, showing you how to write your own tools with Python for each activity throughout the process. The book begins by emphasizing the importance of knowing how to write your own tools with Python for web application penetration testing. You will then learn to interact with a web application using Python, understand the anatomy of an HTTP request, URL, headers and message body, and later create a script to perform a request, and interpret the response and its headers. As you make your way through the book, you will write a web crawler using Python and the Scrapy library. The book will also help you to develop a tool to perform brute force attacks in different parts of the web application. You will then discover more on detecting and exploiting SQL injection vulnerabilities. By the end of this book, you will have successfully created an HTTP proxy based on the mitmproxy tool.
Table of contents (93 chapters)
- Cover
- Copyright information
- Packt Upsell
- Why subscribe?
- PacktPub.com
- Contributor
- About the author
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the example code files
- Download the color images
- Conventions used
- Get in touch
- Reviews
- Introduction to Web Application Penetration Testing
- Understanding the web application penetration testing process
- Typical web application toolkit
- HTTP Proxy
- Crawlers and spiders
- Vulnerability scanners
- Brute forces/predictable resource locators
- Specific task tools
- Testing environment
- Summary
- Interacting with Web Applications
- HTTP protocol basics
- What is HTTP and how it works?
- Anatomy of an HTTP request
- HTTP headers
- GET request
- Interacting with a web app using the requests library
- Requests library
- Our first script
- Setting headers
- Analyzing HTTP responses
- HTTP codes
- Summary
- Web Crawling with Scrapy – Mapping the Application
- Web application mapping
- Creating our own crawler/spider with Scrapy
- Starting with Scrapy
- Making our crawler recursive
- Scraping interesting stuff
- Summary
- Resources Discovery
- What is resource discovery?
- Building our first BruteForcer
- Analysing the results
- Adding more information
- Entering the hash of the response content
- Taking screenshots of the findings
- Summary
- Password Testing
- How password attacks work
- Password cracking
- Password policies and account locking
- Our first password BruteForcer
- Basic authentication
- Creating the password cracker
- Adding support for digest authentication
- What is digest authentication?
- Adding digest authentication to our script
- Form-based authentication
- Form-based authentication overview
- Summary
- Detecting and Exploiting SQL Injection Vulnerabilities
- Introduction to SQL injection
- SQLi versus blind SQLi
- Detecting SQL injection issues
- Methods for detecting SQLi
- Automating the detection
- Exploiting a SQL injection to extract data
- What data can we extract with an SQLi?
- Automating basic extractions
- Advanced SQLi exploiting
- Summary
- Intercepting HTTP Requests
- HTTP proxy anatomy
- What is an HTTP proxy?
- Why do we need a proxy?
- Types of HTTP proxy
- Introduction to mitmproxy
- Why mitmproxy?
- Manipulating HTTP requests
- Inline scripts
- Automating SQLi in mitmproxy
- SQLi process
- Summary
- Other Books You May Enjoy
- Leave a review - let other readers know what you think

Updated: 2021-06-25 20:55:02