Further reading
This chapter covered many topics. If you want to go deeper, we’re happy to share some valuable resources with you:
- [1] Perla, E. and Oldani, M. (2010). A Guide to Kernel Exploitation. Elsevier.
- [2] CIS. (n.d.). Web Attacks. [online] Available at https://www.cisecurity.org/insights/spotlight/ei-isac-cybersecurity-spotlight-web-attack.
- [3] attack.mitre.org. (2018). Initial Access, Tactic TA0001 - Enterprise | MITRE ATT&CK®. [online] Available at https://attack.mitre.org/tactics/TA0001/.
- [4] PTES (2014). The Penetration Testing Execution Standard. [online] Pentest-standard.org. Available at http://www.pentest-standard.org/index.php/Main_Page.
- [5] OWASP (n.d.). OWASP Web Security Testing Guide. [online] owasp.org. Available at https://owasp.org/www-project-web-security-testing-guide/.
- [6] Onofri, S. and Napolitano, L. (2012). SPARQL Injection: attacking the triple store. [online] Available at https://owasp.org/www-pdf-archive/Onofri-NapolitanoOWASPDayItaly2012.pdf.
- [7] GitHub. (2020). SpiderLabs/ModSecurity. [online] Available at https://github.com/SpiderLabs/ModSecurity.
- [8] GitHub. (2023). OWASP ModSecurity Core Rule Set (CRS). [online] Available at https://github.com/coreruleset/coreruleset/blob/v4.0/dev/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf.
- [9] GitHub. (n.d.). webshells/php at master · BlackArch/webshells. [online] Available at https://github.com/BlackArch/webshells/tree/master/php.
- [10] [email protected] (2020). NIST SP 800-115. [online] NIST. Available at https://www.nist.gov/privacy-framework/nist-sp-800-115.
- [11] Grossman, J. (2006). Vulnerability Stack. [online] Available at https://blog.jeremiahgrossman.com/2006/11/vulnerability-stack.html.
- [12] Berners-Lee, T. and Connolly, D.W. (1995). Hypertext Markup Language – 2.0. [online] IETF. Available at https://www.rfc-editor.org/info/rfc1866.
- [13] The Mentor (1986). .:: Phrack Magazine ::. [online] Phrack.org. Available at http://phrack.org/issues/7/3.html.
- [14] Herzog, P. (2010a). OSSTMM 3 – The Open Source Security Testing Methodology Manual. [online] Available at https://www.isecom.org/OSSTMM.3.pdf.
- [15] OWASP (n.d.). OWASP Application Security Verification Standard. [online] owasp.org. Available at https://owasp.org/www-project-application-security-verification-standard/.
- [16] mobeenx (n.d.). Document Library. [online] PCI Security Standards Council. Available at https://www.pcisecuritystandards.org/document_library/.
- [17] Searle, J. (n.d.). NESCOR Guide to Penetration Testing for Electric Utilities Version 3. [online] Available at https://smartgrid.epri.com/doc/NESCORGuidetoPenetrationTestingforElectricUtilities-v3-Final.pdf.
- [18] attack.mitre.org. (n.d.). MITRE ATT&CK®. [online] Available at https://attack.mitre.org.