가야대학교 분성도서관

• 

  전체검색

  단행본

  정기간행물

  학위논문

  비도서

  특정번호 검색

  기사색인

  학습연구지원

  지정도서

• 

  전자자원통합검색

  해외 WEB DB

  E-Book

  E-Learning

  국내 WEB DB

  인터넷검색

• 

  대출현황조회/연장

  예약현황조회/취소

  희망도서

  내서재

  나의서평

  나의태그

  나의위젯

  RSS

  SDI

  개인정보관리

• 

  공지사항

  FAQ

  Q&A 일반·학술

  신착/인기 도서

  학위논문온라인제출

  외부인 이용안내

  설문조사

• 

  도서관 소개

  연혁

  현황

  이용안내

  찾아오시는 길

• 

  	• 전체검색 • 단행본 • 정기간행물 • 학위논문 • 비도서 • 특정번호 검색 • 기사색인 • 학습연구지원 • 지정도서 • 전자자원통합검색 • 해외 WEB DB • E-Book • E-Learning • 국내 WEB DB • 인터넷검색 • 대출현황조회/연장 • 예약현황조회/취소 • 희망도서 • 내서재 • 나의서평 • 나의태그 • 나의위젯 • RSS • SDI • 개인정보관리 • 공지사항 • FAQ • Q&A 일반·학술 • 신착/인기 도서 • 학위논문온라인제출 • 외부인 이용안내 • 설문조사 • 도서관 소개 • 연혁 • 현황 • 이용안내 • 찾아오시는 길

자료검색

• Home
• 상세정보

상세정보

검색결과 돌아가기

부가기능

 MARC보기  

Hands-on bug hunting for penetration testers : a practical guide to help ethical hackers discover web application security flaws / [electronic resource]

상세 프로파일

상세정보

자료유형	E-Book
개인저자	Marshall, Joseph.
서명/저자사항	Hands-on bug hunting for penetration testers[electronic resource] :a practical guide to help ethical hackers discover web application security flaws /by Joseph Marshall.
발행사항	Birmingham : Packt Publishing Ltd, 2018.
형태사항	1 online resource (240 p.)
소장본 주기	Master record variable field(s) change: 050, 072, 082, 650
ISBN	9781789349894 1789349893
일반주기	Description based upon print version of record. Attack Scenario
내용주기	Cover; Title Page; Copyright and Credits; Dedication; Packt Upsell; Contributors; Table of Contents; Preface; Chapter 1: Joining the Hunt; Technical Requirements; The Benefits of Bug Bounty Programs; What You Should Already Know - Pentesting Background; Setting Up Your Environment -- Tools To Know; What You Will Learn -- Next Steps; How (Not) To Use This Book - A Warning; Summary; Questions; Further Reading; Chapter 2: Choosing Your Hunting Ground; Technical Requirements; An Overview of Bug Bounty Communities - Where to Start Your Search; Third-Party Marketplaces; Bugcrowd; HackerOne Vulnerability LabBountyFactory; Synack; Company-Sponsored Initiatives; Google; Facebook; Amazon; GitHub; Microsoft; Finding Other Programs; Money Versus Swag Rewards; The Internet Bug Bounty Program; ZeroDisclo and Coordinated Vulnerability Disclosures; The Vulnerability of Web Applications - What You Should Target; Evaluating Rules of Engagement -- How to Protect Yourself; Summary; Questions; Further Reading; Chapter 3: Preparing for an Engagement; Technical Requirements; Tools; Using Burp; Attack Surface Reconnaisance -- Strategies and the Value of Standardization; Sitemaps Scanning and Target ReconaissanceBrute-forcing Web Content; Spidering and Other Data-Collection Techniques; Burp Spider; Striker; Scrapy and Custom Pipelines; Manual Walkthroughs; Source Code; Building a Process; Formatting the JS Report; Downloading the JavaScript; Putting It All Together; The Value Behind the Structure; Summary; Questions; Further Reading; Chapter 4: Unsanitized Data -- An XSS Case Study; Technical Requirements; A Quick Overview of XSS - The Many Varieties of XSS; Testing for XSS -- Where to Find It, How to Verify It; Burp Suite and XSS Validator; Payload Sets Payload OptionsPayload Processing; XSS -- An End-To-End Example; XSS in Google Gruyere; Gathering Report Information; Category; Timestamps; URL; Payload; Methodology; Instructions to Reproduce; Attack Scenario; Summary; Questions; Further Reading; Chapter 5: SQL, Code Injection, and Scanners; Technical Requirements; SQLi and Other Code Injection Attacks -- Accepting Unvalidated Data; A Simple SQLi Example; Testing for SQLi With Sqlmap -- Where to Find It and How to Verify It; Google Dorks for SQLi; Validating a Dork; Scanning for SQLi With Arachni; Going Beyond Defaults; Writing a Wrapper Script NoSQL Injection -- Injecting Malformed MongoDB QueriesSQLi -- An End-to-End Example; Gathering Report Information; Category; Timestamps; URL; Payload; Methodology; Instructions to Reproduce; Attack Scenario; Final Report; Summary; Questions; Further Reading; Chapter 6: CSRF and Insecure Session Authentication; Technical Requirements; Building and Using CSRF PoCs; Creating a CSRF PoC Code Snippet; Validating Your CSRF PoC; Creating Your CSRF PoC Programmatically; CSRF -- An End-to-End Example; Gathering Report Information; Category; Timestamps; URL; Payload; Methodology; Instructions to Reproduce
요약	Bug bounties have quickly become a critical part of the security economy. This book shows you how technical professionals with an interest in security can begin productively--and profitably--participating in bug bounty programs.
일반주제명	Computer networks -- Security measures. World Wide Web -- Security measures. Application software. COMPUTERS / General.
언어	영어
기타형태 저록	Print version:Marshall, JosephHands-On Bug Hunting for Penetration Testers : A Practical Guide to Help Ethical Hackers Discover Web Application Security FlawsBirmingham : Packt Publishing Ltd,c20189781789344202
대출바로가기	http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=1892711

소장정보

• 소장정보

 인쇄

메세지가 없습니다

No.	등록번호	청구기호	소장처	도서상태	반납예정일	예약	서비스	매체정보
1	WE00016333	006.78	가야대학교/전자책서버(컴퓨터서버)/	대출가능

서평

• 서평

서평이 성공적으로 등록되었습니다. 나의서평보기

서평등록 중 오류가 발생하였습니다. 재시도 하십시오.

  서평추가 (로그인 필요)

서평입력 폼

서평

별점:
별점
제목:
내용:

 저장     닫기     에디터 변경

태그

• 태그

태그가 저장되었습니다. 나의 태그

태그저장 중 오류가 발생하였습니다. 재시도 하십시오.

  태그추가 (로그인 필요)

태그입력 폼

태그를 입력하십시오. 콤마(,)를 구분자로 다수개의 태그를 입력할 수 있습니다.

  태그보기

• 디자인
• web
• 멀티미디어
• 영상그래픽
• 사진

 저장     닫기

나의 태그

나의 태그 (0)

모든 이용자 태그

모든 이용자 태그 (0)