Becoming the Hacker
Latest chapter:
Index
Becoming the Hacker will teach you how to approach web penetration testing with an attacker's mindset. While testing web applications for performance is common, the ever-changing threat landscape makes security testing much more difficult for the defender. There are many web application tools that claim to provide a complete survey and defense against potential threats, but they must be analyzed in line with the security needs of each web application or service. We must understand how an attacker approaches a web application and the implications of breaching its defenses. Through the first part of the book, Adrian Pruteanu walks you through commonly encountered vulnerabilities and how to take advantage of them to achieve your goal. The latter part of the book shifts gears and puts the newly learned techniques into practice, going over scenarios where the target may be a popular content management system or a containerized application and its network. Becoming the Hacker is a clear guide to web application security from an attacker's point of view, from which both sides can benefit.
Table of contents (92 chapters)
- Cover
- Copyright page
- Why subscribe?
- Packt.com
- Contributors
- About the author
- About the reviewer
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Get in touch
- Chapter 1. Introduction to Attacking Web Applications
- Rules of engagement
- The tester's toolkit
- The attack proxy
- Cloud infrastructure
- Resources
- Exercises
- Summary
- Chapter 2. Efficient Discovery
- Types of assessments
- Target mapping
- Efficient brute-forcing
- Polyglot payloads
- Resources
- Exercises
- Summary
- Chapter 3. Low-Hanging Fruit
- Network assessment
- A better way to shell
- Cleaning up
- Resources
- Summary
- Chapter 4. Advanced Brute-forcing
- Password spraying
- Behind seven proxies
- Summary
- Chapter 5. File Inclusion Attacks
- RFI
- LFI
- File inclusion to remote code execution
- More file upload issues
- Summary
- Chapter 6. Out-of-Band Exploitation
- A common scenario
- Command and control
- Let’s Encrypt Communication
- INet simulation
- The confirmation
- Async data exfiltration
- Data inference
- Summary
- Chapter 7. Automated Testing
- Extending Burp
- Obfuscating code
- Burp Collaborator
- Summary
- Chapter 8. Bad Serialization
- Abusing deserialization
- Attacking custom protocols
- Summary
- Chapter 9. Practical Client-Side Attacks
- SOP
- Cross-origin resource sharing
- XSS
- CSRF
- BeEF
- Summary
- Chapter 10. Practical Server-Side Attacks
- Internal and external references
- XXE attacks
- Summary
- Chapter 11. Attacking APIs
- API communication protocols
- API authentication
- Postman
- Attack considerations
- Summary
- Chapter 12. Attacking CMS
- Application assessment
- Backdooring the code
- Summary
- Chapter 13. Breaking Containers
- Vulnerable Docker scenario
- Foothold
- Situational awareness
- Container breakout
- Summary
- Leave a review - let other readers know what you think
- Index (updated: 2021-06-11 13:39:21)
Recommended reading
- 黑客攻防技巧
- 暗戰亮劍:黑客滲透與防御全程實錄
- 黑客攻防入門秘笈
- 工業物聯網安全
- 硬黑客:智能硬件生死之戰
- 計算機網絡安全技術研究
- 計算機網絡安全基礎(第5版)
- 情報驅動應急響應
- 互聯網企業安全高級指南
- 網絡安全實戰詳解(企業專供版)
- 華為Anti-DDoS技術漫談
- 黑客攻擊與防范實戰從入門到精通
- 網絡空間安全法律問題研究
- 信息系統安全等級化保護原理與實踐
- 密碼朋克:自由與互聯網的未來
- 2010年中國互聯網網絡安全報告
- 反黑風暴:黑客社會工程學攻防演練
- 大數據時代的智慧城市與信息安全
- 安全之美
- 互聯網金融法律與風險控制(第2版)
- 物聯網安全
- 無線網絡安全攻防實戰進階
- 漏洞
- 信息安全技術專業基于工作過程支撐平臺課程體系開發實踐
- 美國網絡安全戰略與政策二十年
- 電腦黑客攻防技巧
- 小小黑客之路
- 身邊的網絡安全:互聯網時代的生活安全攻略
- 響應式安全:構建企業信息安全體系
- 黑客揭秘與反黑實戰:基礎入門不求人