Attacking and Exploiting Modern Web Applications: Discover the mindset, techniques, and tools to perform modern web attacks and exploitation Front Cover

Attacking and Exploiting Modern Web Applications: Discover the mindset, techniques, and tools to perform modern web attacks and exploitation

by , ,
  • Length: 338 pages
  • Edition: 1
  • Publisher:
  • Publication Date: 2023-08-25
  • ISBN-10: 1801816298
  • ISBN-13: 9781801816298
  • Sales Rank: #1132797 (See Top 100 Books)
0
0 ratings
Print Book Look Inside
Description

Master the art of web exploitation and bug bounty hunting with real CVEs and CTFs on SAML, WordPress, IoT, ElectronJS, and Ethereum Smart Contracts.

Key Features

  • Learn to discover vulnerabilities using source code, dynamic analysis, and decompiling binaries.
  • Find and exploit vulnerabilities like SQL Injection, XSS, Command Injection, RCE, and Reentrancy.
  • Analyze real security incidents based on MITRE ATT&CK to understand the risk at the CISO level.

Book Description

Web Attacks and Exploits pose an ongoing threat to the interconnected world. This comprehensive book explores the new challenges of web application security, providing an in-depth understanding of hackers’ methods. It equips readers with the practical knowledge and skills needed to effectively understand these attacks, accompanying them through 3 CTFs and explaining the discovery of 7 CVEs.

The book starts by emphasizing the importance of mindset and toolset in conducting successful attacks. It helps you understand the required methodologies and frameworks, how to configure the environment using interception proxies and automate tasks with Bash and Python, and how to set up a research lab.

The book explores how to attack the authentication layer focusing on SAML, internet-facing web applications (specifically WordPress and SQL injection), exploiting vulnerabilities in IoT devices such as Command Injection. It also covers attacks on Electron JavaScript-based applications (XSS and RCE) and the security challenges of auditing and exploiting Ethereum Smart Contracts written in Solidity. The book concludes by describing how to disclose vulnerabilities. Each chapter analyses confirmed cases of exploitation mapped with MITRE ATT&CK.

By the end of this book, you will enhance your ability to find and exploit web vulnerabilities.

What you will learn

  • Understand the mindset, methodologies, and toolset for Web Attacks and Exploitation.
  • Learn how SAML and SSO work and find their vulnerabilities
  • Understand WordPress and how to exploit SQL Injections
  • Learn how IoT Devices work and to exploit Command Injection
  • Understand ElectronJS Applications and transform an XSS to an RCE
  • Learn how to audit Solidity’s Ethereum Smart Contracts
  • Understand how to decompile, debug, and instrument Web Applications

Who this book is for

We aim the audience at anyone who must ensure their organization’s security. Penetration Testers and Red Teamers who want to deepen their knowledge of the current security challenges for web applications; Developers and DevOps Engineers who want to get into the mindset of an attacker; and Security Managers and CISOs to truly understand the impact and the Risk of Web, IoT, and Smart Contracts. Basic knowledge of Web Technologies and related protocols is a must.

Free ChaptersTry Audible and Get Two Free Audiobooks »
To access the link, solve the captcha.
Recommended BooksMore Similar Books »
ChatGPT for Cybersecurity Cookbook: Learn practical generative AI recipes to supercharge your cybersecurity skills Cover
ChatGPT for Cybersecurity Cookbook: Learn practical generative AI recipes to supercharge your cybersecurity skills
2024-03-29
0
Python Programming Handbook For GUI Development Using Kivy : A Complete Beginners Guide To Learning Essential Skills To Build User-Friendly Interfaces ... Applications (The Python Power Toolkit) Cover
Python Programming Handbook For GUI Development Using Kivy : A Complete Beginners Guide To Learning Essential Skills To Build User-Friendly Interfaces ... Applications (The Python Power Toolkit)
2024-03-23
0
Ultimate Ember.js for Web App Development: Leverage Convention Over Configuration Paradigm to Develop, Build, and Deploy Complex Applications Using Ember.js (English Edition) Cover
Ultimate Ember.js for Web App Development: Leverage Convention Over Configuration Paradigm to Develop, Build, and Deploy Complex Applications Using Ember.js (English Edition)
2024-03-13
0
The OSINT Handbook: A practical guide to gathering and analyzing online information Cover
The OSINT Handbook: A practical guide to gathering and analyzing online information
2024-03-29
0
Enabling Microservice Success: Managing Technical, Organizational, and Cultural Challenges Cover
Enabling Microservice Success: Managing Technical, Organizational, and Cultural Challenges
2024-05-07
0
.NET MAUI Cross-Platform Application Development, 2nd Edition: Build high-performance apps for Android, iOS, macOS, and Windows using XAML and Blazor with .NET 8 Cover
.NET MAUI Cross-Platform Application Development, 2nd Edition: Build high-performance apps for Android, iOS, macOS, and Windows using XAML and Blazor with .NET 8
2024-03-25
0
Web API Cookbook: Level Up Your JavaScript Applications Cover
Web API Cookbook: Level Up Your JavaScript Applications
2024-05-07
0
Networks Attack Detection on 5G Networks using Data Mining Techniques Cover
Networks Attack Detection on 5G Networks using Data Mining Techniques
2024-04-23
0
Subscribe
Categories
Tags