| Description |
1 online resource (338 p.) |
| Contents |
Cover -- Title Page -- Copyright and Credits -- Dedication -- Foreword -- Contributors -- Table of Contents -- Part 1: Attack Preparation -- Chapter 1: Mindset and Methodologies -- Approach and mindset -- The approach -- The process -- The testing techniques -- The baseline competencies -- The mindset -- Methodologies and frameworks -- NIST SP 800-115 -- Penetration Testing Execution Standard (PTES) -- OWASP's WSTG -- ISECOM's OSSTMM -- The recipe -- Summary -- Further reading -- Chapter 2: Toolset for Web Attacks and Exploitation -- Technical requirements |
|
Operating systems and the tools of the trade -- Operating system -- Linux -- Windows -- macOS -- Browser -- Interception proxy -- Python for automating web tasks -- Virtualization and containerization systems -- VirtualBox -- Docker -- Summary -- Further reading -- Part 2: Evergreen Attacks -- Chapter 3: Attacking the Authentication Layer -- a SAML Use Case -- Technical requirements -- Scenario files -- The Doors of Durin SAML login scenario -- How does SAML work and what are its vulnerabilities? -- What is SAML? -- Vulnerabilities on SAML -- Other authentication methods used with HTTP |
|
How to discover and exploit vulnerabilities in SAML -- Installing SAML Raider -- Verifying the typical flow -- the happy case -- Verifying whether it is possible to send information without signature -- Verifying whether it is possible to use a self-signed certificate -- Verifying whether it is possible to use XML Signature Wrapping (XSW) -- Other attacks and vulnerabilities on SAML -- Summary -- Further reading -- Chapter 4: Attacking Internet-Facing Web Applications -- SQL Injection and Cross-Site Scripting (XSS) on WordPress -- Technical requirements -- Scenario files |
|
WordPress scenario introduction -- How does SQL injection work? -- SQL injection types -- SQL injection techniques -- SQL injection impact -- Other injection vulnerabilities -- How to discover and exploit SQL injection vulnerabilities -- Information gathering and threat modeling -- Starting with Static Analysis -- Finding interesting files -- Analyzing interesting files -- Moving to dynamic analysis -- Finding the dynamic request -- Analyzing the context -- Verifying the SQL injection -- Exploiting the SQL injection -- Writing the exploit with Python |
|
Other attacks and vulnerabilities on internet-facing web applications -- The bonus XSS -- Summary -- Further reading -- Chapter 5: Attacking IoT Devices -- Command Injection and Path Traversal -- Technical requirements -- Physical device -- Scenario files -- IoT router exploitation scenario introduction -- How to analyze IoT devices -- IoT device analysis -- Analyzing industrial control system devices -- How to find and exploit vulnerabilities in IoT devices -- Basic physical analysis -- Firmware analysis -- Web Application Analysis -- Summary -- Further reading -- Part 3: Novel Attacks |
|
Chapter 6: Attacking Electron JavaScript Applications -- from Cross-Site Scripting (XSS) to Remote Command Execution (RCE) |
| Notes |
Description based upon print version of record |
| Subject |
Web applications -- Security measures
|
|
Computer security.
|
|
Cyberterrorism.
|
|
Computer security.
|
|
Cyberterrorism.
|
| Form |
Electronic book
|
| Author |
Onofri, Donato, author
|
|
Meucci, Matteo, writer of foreword
|
| ISBN |
9781801811965 |
|
1801811962 |
|
