Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering Modern Web Penetration Testing

You're reading from   Mastering Modern Web Penetration Testing Master the art of conducting modern pen testing attacks and techniques on your web application before the hacker does!

Arrow left icon
Product type Paperback
Published in Oct 2016
Publisher Packt
ISBN-13 9781785284588
Length 298 pages
Edition 1st Edition
Arrow right icon
Authors (2):
Arrow left icon
Prakhar Prasad Prakhar Prasad
Author Profile Icon Prakhar Prasad
Prakhar Prasad
Rafay Baloch Rafay Baloch
Author Profile Icon Rafay Baloch
Rafay Baloch
Arrow right icon
View More author details
Toc

Table of Contents (13) Chapters Close

Preface 1. Common Security Protocols FREE CHAPTER 2. Information Gathering 3. Cross-Site Scripting 4. Cross-Site Request Forgery 5. Exploiting SQL Injection 6. File Upload Vulnerabilities 7. Metasploit and Web 8. XML Attacks 9. Emerging Attack Vectors 10. OAuth 2.0 Security 11. API Testing Methodology Index

What this book covers

Chapter 1, Common Security Protocols, focuses on different basic concepts of the Web and security in general, which you will find beneficial when conducting tests in real life. Topics such as same-origin policy are very important if someone wants to understand the enforcement done by a browser in the context of a web application; then, there are different encoding techniques, one of them being Base64, which is quite popular.

Chapter 2, Information Gathering, deals with various reconnaissance or enumeration techniques to discover surfaces that can be attacked. The more someone enumerates a particular web target, the better the chances are of finding a vulnerability inside it. The famous quote by Abraham Lincoln sums this chapter up well: If I had eight hours to chop down a tree, I would spend 6 of those hours sharpening my axe.

Chapter 3, Cross-Site Scripting, is a refresher on one of the most exploited flaws on the Web: cross-site scripting. This chapter contains different techniques of XSS, and some of them are really nasty, such as performing XSS by spoofing an IP address.

Chapter 4, Cross-Site Request Forgery, highlights the importance of CSRF as an attack vector, teaches newer ways to perform CSRF, for instance, when the request is a JSON object. Then, there is a real-life case study on a critical CSRF vulnerability on PayPal.

Chapter 5, Exploiting SQL Injection, doesn't need any introduction at all. This chapter makes use of SQLMap and explores it to detect and exploit SQL injection flaws.

Chapter 6, File Upload Vulnerabilities, deals with security flaws plaguing file upload functionality, which is very common in any web application. Methods to create and use different kinds of web shells, some techniques of DoS, and bypasses on certain types of filters have been covered here.

Chapter 7, Metasploit and Web, explains the Metasploit Framework and its relevance to web application security. It covers how to generate a web backdoor payload through MSF and different modules, with direct or indirect relation to the Web.

Chapter 8, XML Attacks, covers attack vectors, which exploit XML parsing implementation in a web application; XXE is a vector covered here apart from DoS issues, such as the XQB attack.

Chapter 9, Emerging Attack Vectors, includes some latest or unpopular techniques, which include RPO (Relative Path Overwrite), DOM clobbering, and Insecure Direct Object Reference to name a few.

Chapter 10, OAuth 2.0 Security, discusses various flaws in implementing the OAuth 2.0 protocol in web applications. It starts with the relevant basics of OAuth and goes on to explain possible attacks.

Chapter 11, API Testing Methodology, is the last chapter of this book and a guest chapter by security researcher and my friend Pranav Hivarekar. It covers the basics of REST APIs and then goes on to explain fundamental issues and mistakes made by developers while implementing them. Various case studies have also been covered in this chapter to provide real-life examples.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image