A comprehensive guide to effectively understand web attacks for web application security, featuring real-world bug bounty hunting techniques, CVEs, and CTFs
Key Features
- Learn how to find vulnerabilities using source code, dynamic analysis, and decompiling binaries
- Find and exploit vulnerabilities such as SQL Injection, XSS, Command Injection, RCE, and Reentrancy
- Analyze real security incidents based on MITRE ATT&CK to understand the risk at the CISO level
Web attacks and exploits pose an ongoing threat to the interconnected world. This comprehensive book explores the latest challenges in web application security, providing you with an in-depth understanding of hackers' methods and the practical knowledge and skills needed to effectively understand web attacks.
emphasizing the importance of mindsets and toolsets in conducting successful web attacks. You’ll then explore the methodologies and frameworks used in these attacks, and learn how to configure an environment using interception proxies, automate tasks with Bash and Python, and set up a research lab. As you advance through the book, you’ll discover how to attack the SAML authentication layer; attack front-facing web applications by learning WordPress and SQL injection, and exploit vulnerabilities in IoT devices, such as command injection, by going through three CTFs and learning about the discovery of seven CVEs. Each chapter analyzes confirmed cases of exploitation mapped with MITRE ATT&CK. You’ll also analyze attacks on Electron JavaScript-based applications, such as XSS and RCE, and the security challenges of auditing and exploiting Ethereum smart contracts written in Solidity. Finally, you’ll find out how to disclose vulnerabilities.
By the end of this book, you’ll have enhanced your ability to find and exploit web vulnerabilities.
emphasizing the importance of mindsets and toolsets in conducting successful web attacks. You’ll then explore the methodologies and frameworks used in these attacks, and learn how to configure an environment using interception proxies, automate tasks with Bash and Python, and set up a research lab. As you advance through the book, you’ll discover how to attack the SAML authentication layer; attack front-facing web applications by learning WordPress and SQL injection, and exploit vulnerabilities in IoT devices, such as command injection, by going through three CTFs and learning about the discovery of seven CVEs. Each chapter analyzes confirmed cases of exploitation mapped with MITRE ATT&CK. You’ll also analyze attacks on Electron JavaScript-based applications, such as XSS and RCE, and the security challenges of auditing and exploiting Ethereum smart contracts written in Solidity. Finally, you’ll find out how to disclose vulnerabilities.
By the end of this book, you’ll have enhanced your ability to find and exploit web vulnerabilities.
What you will learn
- Understand the mindset, methodologies, and toolset needed to carry out web attacks
- Discover how SAML and SSO work and study their vulnerabilities
- Get to grips with WordPress and learn how to exploit SQL injection
- Find out how IoT devices work and exploit command injection
- Familiarize yourself with Electron JavaScript-based applications and transform an XSS to an RCE
- Discover how to audit Solidity’s Ethereum smart contracts
-
You must reply in thread to view hidden text or upgrade your account to always see hidden content.
