Hands-On Bug Hunting for Penetration Testers
Bug bounties have quickly become a critical part of the security economy. This book shows you how technical professionals with an interest in security can begin productively—and profitably—participating in bug bounty programs. You will learn about SQLi, NoSQLi, XSS, XXE, and other forms of code injection. You'll see how to create CSRF PoC HTML snippets, how to discover hidden content (and what to do with it once it's found), and how to create the tools for automated pentesting workflows. Then, you'll format all of this information within the context of a bug report that will have the greatest chance of earning you cash. With detailed walkthroughs that cover discovering, testing, and reporting vulnerabilities, this book is ideal for aspiring security professionals. You should come away from this work with the skills you need to not only find the bugs you're looking for, but also the best bug bounty programs to participate in, and how to grow your skills moving forward in freelance security research.
Brand: 中圖公司
Listed: 2021-07-16 17:31:37
Publisher: Packt Publishing
The digital rights to this book are provided by 中圖公司, which has authorised 上海閱文信息技術有限公司 (Shanghai Yuewen Information Technology Co., Ltd.) to produce and distribute it.
- Cover
- Title Page
- Copyright and Credits
- Hands-On Bug Hunting for Penetration Testers
- Dedication
- Packt Upsell
- Why subscribe?
- Packt.com
- Contributors
- About the author
- About the reviewers
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the example code files
- Conventions used
- Get in touch
- Reviews
- Joining the Hunt
- Technical Requirements
- The Benefits of Bug Bounty Programs
- What You Should Already Know – Pentesting Background
- Setting Up Your Environment – Tools To Know
- What You Will Learn – Next Steps
- How (Not) To Use This Book – A Warning
- Summary
- Questions
- Further Reading
- Choosing Your Hunting Ground
- Technical Requirements
- An Overview of Bug Bounty Communities – Where to Start Your Search
- Third-Party Marketplaces
- Bugcrowd
- HackerOne
- Vulnerability Lab
- BountyFactory
- Synack
- Company-Sponsored Initiatives
- Amazon
- GitHub
- Microsoft
- Finding Other Programs
- Money Versus Swag Rewards
- The Internet Bug Bounty Program
- ZeroDisclo and Coordinated Vulnerability Disclosures
- The Vulnerability of Web Applications – What You Should Target
- Evaluating Rules of Engagement – How to Protect Yourself
- Summary
- Questions
- Further Reading
- Preparing for an Engagement
- Technical Requirements
- Tools
- Using Burp
- Attack Surface Reconnaissance – Strategies and the Value of Standardization
- Sitemaps
- Scanning and Target Reconnaissance
- Brute-forcing Web Content
- Spidering and Other Data-Collection Techniques
- Burp Spider
- Striker
- Scrapy and Custom Pipelines
- Manual Walkthroughs
- Source Code
- Building a Process
- Formatting the JS Report
- Downloading the JavaScript
- Putting It All Together
- The Value Behind the Structure
- Summary
- Questions
- Further Reading
- Unsanitized Data – An XSS Case Study
- Technical Requirements
- A Quick Overview of XSS – The Many Varieties of XSS
- Testing for XSS – Where to Find It, How to Verify It
- Burp Suite and XSS Validator
- Payload Sets
- Payload Options
- Payload Processing
- XSS – An End-To-End Example
- XSS in Google Gruyere
- Gathering Report Information
- Category
- Timestamps
- URL
- Payload
- Methodology
- Instructions to Reproduce
- Attack Scenario
- Summary
- Questions
- Further Reading
- SQL Code Injection and Scanners
- Technical Requirements
- SQLi and Other Code Injection Attacks – Accepting Unvalidated Data
- A Simple SQLi Example
- Testing for SQLi With Sqlmap – Where to Find It and How to Verify It
- Trawling for Bugs – Using Google Dorks and Python for SQLi Discovery
- Google Dorks for SQLi
- Validating a Dork
- Scanning for SQLi With Arachni
- Going Beyond Defaults
- Writing a Wrapper Script
- NoSQL Injection – Injecting Malformed MongoDB Queries
- SQLi – An End-to-End Example
- Gathering Report Information
- Category
- Timestamps
- URL
- Payload
- Methodology
- Instructions to Reproduce
- Attack Scenario
- Final Report
- Summary
- Questions
- Further Reading
- CSRF and Insecure Session Authentication
- Technical Requirements
- Building and Using CSRF PoCs
- Creating a CSRF PoC Code Snippet
- Validating Your CSRF PoC
- Creating Your CSRF PoC Programmatically
- CSRF – An End-to-End Example
- Gathering Report Information
- Category
- Timestamps
- URL
- Payload
- Methodology
- Instructions to Reproduce
- Attack Scenario
- Final Report
- Summary
- Questions
- Further Reading
- Detecting XML External Entities
- Technical requirements
- A simple XXE example
- XML injection vectors
- XML injection and XXE – stronger together
- Testing for XXE – where to find it and how to verify it
- XXE – an end-to-end example
- Gathering report information
- Category
- Timestamps
- URL
- Payload
- Methodology
- Instructions to reproduce
- Attack scenario
- Final report
- Summary
- Questions
- Further reading
- Access Control and Security Through Obscurity
- Technical Requirements
- Security by Obscurity – The Siren Song
- Data Leaks – What Information Matters?
- API Keys
- Access Tokens
- Passwords
- Hostnames
- Machine RSA/Encryption Keys
- Account and Application Data
- Low Value Data – What Doesn’t Matter
- Generally Descriptive Error Messages
- 404 and Other Non-200 Error Codes
- Username Enumeration
- Browser Autocomplete or Save Password Functionality
- Data Leak Vectors
- Config Files
- Public Code Repos
- Client Source Code
- Hidden Fields
- Error Messages
- Unmasking Hidden Content – How to Pull the Curtains Back
- Preliminary Code Analysis
- Using Burp to Uncover Hidden Fields
- Data Leakage – An End-to-End Example
- Gathering Report Information
- Final Report
- Summary
- Questions
- Further Reading
- Framework and Application-Specific Vulnerabilities
- Technical Requirements
- Known Component Vulnerabilities and CVEs – A Quick Refresher
- WordPress – Using WPScan
- WPScan as a Dockerized CLI
- Burp and WPScan
- Ruby on Rails – Rubysec Tools and Tricks
- Exploiting RESTful MVC Routing Patterns
- Checking the Version for Particular Weaknesses
- Testing Cookie Data and Authentication
- Django – Strategies for the Python App
- Checking for DEBUG = True
- Probing the Admin Page
- Summary
- Questions
- Further Reading
- Formatting Your Report
- Technical Requirements
- Reproducing the Bug – How Your Submission Is Vetted
- Critical Information – What Your Report Needs
- Maximizing Your Award – The Features That Pay
- Example Submission Reports – Where to Look
- Hackerone Hacktivity
- Vulnerability Lab Archive
- GitHub
- Summary
- Questions
- Further Reading
- Other Tools
- Technical Requirements
- Evaluating New Tools – What to Look For
- Paid Versus Free Editions – What Makes a Tool Worth It?
- A Quick Overview of Other Options – Nikto Kali Burp Extensions and More
- Scanners
- Nikto
- Zed Attack Proxy
- w3af
- nmap and python-nmap
- Aircrack-ng
- Wireshark
- SpiderFoot
- Resources
- FuzzDB
- Pentesting Cheatsheet
- Exploit DB
- Awesome Web Security
- Kali Linux
- Source Code Analysis (White Box) Tools
- Pytaint
- Bandit
- Brakeman
- Burp
- Burp Extensions
- JSON Beautifier
- Retire.js
- Python Scripter
- Burp Notes
- Burp REST API
- SaaS-Specific Extensions
- Using Burp Pro to Generate a CSRF PoC
- Metasploit and Exploitation Frameworks
- Summary
- Questions
- Further Reading
- Other (Out of Scope) Vulnerabilities
- Technical Requirements
- DoS/DDoS – The Denial-of-Service Problem
- Sandboxed and Self-XSS – Low-Threat XSS Varieties
- Non-Critical Data Leaks – What Companies Don’t Care About
- Emails
- HTTP Request Banners
- Known Public Files
- Missing HttpOnly Cookie Flags
- Other Common No-Payout Vulnerabilities
- Weak or Easily Bypassed Captchas
- The HTTP OPTIONS Method Enabled
- BEAST (CVE-2011-3389) and Other SSL-Based Attacks
- Brute Forcing Authentication Systems
- CSRF Logout
- Anonymous Form CSRF
- Clickjacking and Clickjacking-Enabled Attacks
- Physical Testing Findings
- Outdated Browsers
- Server Information
- Rate-Limiting
- Summary
- Questions
- Further Reading
- Going Further
- Blogs
- The SANS Institute
- Bugcrowd
- Darknet
- HighOn.Coffee
- Zero Day Blog
- SANS AppSec Blog
- Courses
- Penetration Testing With Kali Linux
- The Infosec Institute Coursework
- Udemy Penetration Testing Classes
- Terminology
- Attack Scenario
- Attack Surface
- Black Box Testing
- Bugs
- Bug Bounty Programs
- CORS
- Data Exfiltration
- Data Sanitation
- Data Leakage
- Exploit
- Fingerprinting
- Fuzzing
- Google Dorks
- Known Component Vulnerabilities
- OSINT
- Passive Versus Active Scanning
- Payload
- Proof-of-Concept (PoC)
- Rules of Engagement (RoE)
- Red Team
- Remote Code Execution (RCE)
- Safe Harbor
- Scope
- Security Posture
- Single-Origin Policy
- Submission Report
- Vulnerability
- White Box Testing
- Workflow
- Zero-Day
- Summary
- Questions
- Further Reading
- Assessment
- Chapter 1
- Chapter 2
- Chapter 3
- Chapter 4
- Chapter 5
- Chapter 6
- Chapter 7
- Chapter 8
- Chapter 9
- Chapter 10
- Chapter 11
- Chapter 12
- Chapter 13
- Other Books You May Enjoy
- Leave a review - let other readers know what you think (updated 2021-07-16 17:54:01)