Sinha | Bug Bounty Hunting for Web Security | Buch | 978-1-4842-5390-8 | sack.de

Book, English, 225 pages, paperback, format (W × H): 155 mm x 235 mm, weight: 376 g

Sinha

Bug Bounty Hunting for Web Security

Find and Exploit Vulnerabilities in Web sites and Applications


ISBN: 978-1-4842-5390-8
Publisher: Apress


Start with the basics of bug hunting and learn how to apply an offensive approach to finding vulnerabilities in web applications. After an introduction to Kali Linux, you will take a close look at the types of tools available to you and then set up your own virtual lab. You will then discover how request forgery (CSRF) works on web pages and applications in a mission-critical setup. Moving on to one of the most challenging problems for any web application, you will look at how cross-site scripting works and learn effective ways to exploit it.



You will then learn about header injection and URL redirection, along with key tips for finding vulnerabilities in them. Keeping in mind how attackers can deface your website, you will work with malicious file uploads and automate your approach to defending against these attacks. Moving on to Sender Policy Framework (SPF), you will see tips for finding weaknesses in it and exploiting them. Following this, you will learn how unintended XML injection and command injection work, so that you can keep attackers at bay. Finally, you will examine the different attack vectors used to exploit HTML and SQL injection. Overall, Bug Bounty Hunting for Web Security will help you become a better penetration tester and, at the same time, teach you how to earn bounties by hunting bugs in web applications.



What You Will Learn

- Implement an offensive approach to bug hunting
- Create and manage request forgery on web pages
- Poison Sender Policy Framework and exploit it
- Defend against cross-site scripting (XSS) attacks
- Inject headers and test URL redirection
- Work with malicious files and command injection
- Strongly resist unintended XML attacks

Who This Book Is For
White-hat hacking enthusiasts who are new to bug hunting and are interested in understanding the core concepts.

Target audience


Professional/practitioner


Authors/Editors


Further information & material


Chapter 1: Let the Hunt Begin!
Chapter goal: This chapter will showcase how to implement an offensive approach to hunting bugs, and what type of tools are required.
No. of pages: 10
Sub-topics:
1. Why hunt bugs?
2. Introducing Burp Suite
3. Introducing other tools

Chapter 2: Setting up Your Virtual Lab
Chapter goal: This chapter will guide readers through setting up the virtual lab.
No. of pages: 10
Sub-topics:
1. Why we need VirtualBox
2. Introduction to Kali Linux – the hacker's operating system
3. What type of tools are available in Kali

Chapter 3: Injecting Request Forgery
Chapter goal: Readers will learn to create and manage request forgery on any web page.
No. of pages: 10
Sub-topics:
1. What is request forgery (CSRF)
2. Mission-critical injection of CSRF
3. How to discover CSRF on any application

Chapter 4: Cross Site Scripting (XSS) Exploitation
Chapter goal: This chapter will talk comprehensively about one of the most challenging tasks of any web application – resisting Cross Site Scripting (XSS) attacks.
No. of pages: 15
Sub-topics:
1. What is XSS
2. How we can exploit through XSS
3. How we can discover any XSS attack

Chapter 5: Header Injection and URL Redirection
Chapter goal: This chapter will discuss header injection, cache poisoning, and URL redirection.
No. of pages: 15
Sub-topics:
1. What is header injection and how it is related to URL redirection
2. How Cross Site Scripting is done through header injection
3. How to discover that a header has been injected
4. How to find URL redirection vulnerabilities

Chapter 6: Uploading Malicious Files
Chapter goal: Readers will learn about malicious file uploading and take bug bounty hunting forward.
No. of pages: 10
Sub-topics:
1. How to upload malicious files to own a system
2. What is defacement?
3. How to automate this attack?

Chapter 7: Poisoning Sender Policy Framework (SPF)
Chapter goal: This chapter will cover basic and advanced techniques to test SPF and exploit it.
No. of pages: 10
Sub-topics:
1. Are there insufficient SPF records
2. How to exploit SPF
3. How to find the vulnerabilities and test them

Chapter 8: Injecting Unintended XML
Chapter goal: Readers will learn about injecting unintended XML into any application.
No. of pages: 10
Sub-topics:
1. What is XML injection
2. How to perform XML injection in the virtual lab
3. How to fetch system configuration files

Chapter 9: Command Injection
Chapter goal: Readers will learn how an operating system falls prey to injected commands and how attackers feed on those vulnerabilities.
No. of pages: 10
Sub-topics:
1. What is command injection
2. How to inject malicious commands
3. How to exploit command injection

Chapter 10: Exploiting HTML and SQL Injection
Chapter goal: This chapter will teach readers the different attack vectors used to exploit HTML and SQL injection.
No. of pages: 20
Sub-topics:
1. What are HTML and SQL injection
2. How to find and exploit HTML injection
3. What are header- and cookie-based SQL injection
4. How to bypass authentication by SQLi
5. How to automate SQLi

Appendix: Further Reading
Chapter goal: This section will show readers additional new features of bug hunting and how to exploit them.
No. of pages: 10
Sub-topics:
1. What tools can be used alongside Burp Suite
2. How source code disclosure helps information gathering
3. What could be the next challenges in hunting bugs


Sanjib Sinha is an author and tech writer. A certified .NET Windows and web developer, he has specialized in Python security programming, Linux, and many programming languages, including C#, PHP, Python, Dart, Java, and JavaScript. Sanjib also won Microsoft's Community Contributor Award in 2011 and has written Beginning Ethical Hacking with Python, Beginning Ethical Hacking with Kali Linux, and two editions of Beginning Laravel for Apress.

