Kaya University Bunsung Library

Hands-on bug hunting for penetration testers : a practical guide to help ethical hackers discover web application security flaws / [electronic resource]

Detailed information
Material type: E-Book
Personal author: Marshall, Joseph.
Title / statement of responsibility: Hands-on bug hunting for penetration testers [electronic resource] : a practical guide to help ethical hackers discover web application security flaws / by Joseph Marshall.
Publication: Birmingham : Packt Publishing Ltd, 2018.
Physical description: 1 online resource (240 p.)
Local holdings note: Master record variable field(s) change: 050, 072, 082, 650
ISBN: 9781789349894
1789349893
General note: Description based upon print version of record.
Attack Scenario
Contents note: Cover; Title Page; Copyright and Credits; Dedication; Packt Upsell; Contributors; Table of Contents; Preface; Chapter 1: Joining the Hunt; Technical Requirements; The Benefits of Bug Bounty Programs; What You Should Already Know - Pentesting Background; Setting Up Your Environment -- Tools To Know; What You Will Learn -- Next Steps; How (Not) To Use This Book - A Warning; Summary; Questions; Further Reading; Chapter 2: Choosing Your Hunting Ground; Technical Requirements; An Overview of Bug Bounty Communities - Where to Start Your Search; Third-Party Marketplaces; Bugcrowd; HackerOne
Vulnerability Lab; BountyFactory; Synack; Company-Sponsored Initiatives; Google; Facebook; Amazon; GitHub; Microsoft; Finding Other Programs; Money Versus Swag Rewards; The Internet Bug Bounty Program; ZeroDisclo and Coordinated Vulnerability Disclosures; The Vulnerability of Web Applications - What You Should Target; Evaluating Rules of Engagement -- How to Protect Yourself; Summary; Questions; Further Reading; Chapter 3: Preparing for an Engagement; Technical Requirements; Tools; Using Burp; Attack Surface Reconnaissance -- Strategies and the Value of Standardization; Sitemaps
Scanning and Target Reconnaissance; Brute-forcing Web Content; Spidering and Other Data-Collection Techniques; Burp Spider; Striker; Scrapy and Custom Pipelines; Manual Walkthroughs; Source Code; Building a Process; Formatting the JS Report; Downloading the JavaScript; Putting It All Together; The Value Behind the Structure; Summary; Questions; Further Reading; Chapter 4: Unsanitized Data -- An XSS Case Study; Technical Requirements; A Quick Overview of XSS - The Many Varieties of XSS; Testing for XSS -- Where to Find It, How to Verify It; Burp Suite and XSS Validator; Payload Sets
Payload Options; Payload Processing; XSS -- An End-To-End Example; XSS in Google Gruyere; Gathering Report Information; Category; Timestamps; URL; Payload; Methodology; Instructions to Reproduce; Attack Scenario; Summary; Questions; Further Reading; Chapter 5: SQL, Code Injection, and Scanners; Technical Requirements; SQLi and Other Code Injection Attacks -- Accepting Unvalidated Data; A Simple SQLi Example; Testing for SQLi With Sqlmap -- Where to Find It and How to Verify It; Google Dorks for SQLi; Validating a Dork; Scanning for SQLi With Arachni; Going Beyond Defaults; Writing a Wrapper Script
NoSQL Injection -- Injecting Malformed MongoDB Queries; SQLi -- An End-to-End Example; Gathering Report Information; Category; Timestamps; URL; Payload; Methodology; Instructions to Reproduce; Attack Scenario; Final Report; Summary; Questions; Further Reading; Chapter 6: CSRF and Insecure Session Authentication; Technical Requirements; Building and Using CSRF PoCs; Creating a CSRF PoC Code Snippet; Validating Your CSRF PoC; Creating Your CSRF PoC Programmatically; CSRF -- An End-to-End Example; Gathering Report Information; Category; Timestamps; URL; Payload; Methodology; Instructions to Reproduce
Summary: Bug bounties have quickly become a critical part of the security economy. This book shows you how technical professionals with an interest in security can begin productively--and profitably--participating in bug bounty programs.
Subject headings: Computer networks -- Security measures.
World Wide Web -- Security measures.
Application software.
COMPUTERS / General.
Language: English
Other format entry: Print version: Marshall, Joseph. Hands-On Bug Hunting for Penetration Testers : A Practical Guide to Help Ethical Hackers Discover Web Application Security Flaws. Birmingham : Packt Publishing Ltd, c2018. 9781789344202
Direct link to borrow: http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=1892711

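Holdings information

No. | Registration no. | Call number | Location | Status | Due date | Reservation | Service | Media information
1 | WE00016333 | 006.78 | Kaya University / E-book server (computer server) | Available for loan | | | |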
