Sign In Start Free Trial
Account

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Mastering Modern Web Penetration Testing
  • Table Of Contents Toc
Mastering Modern Web Penetration Testing

Mastering Modern Web Penetration Testing

By : Prakhar Prasad
3 (10)
close
close
Mastering Modern Web Penetration Testing

Mastering Modern Web Penetration Testing

3 (10)
By: Prakhar Prasad

Overview of this book

Web penetration testing is a growing, fast-moving, and absolutely critical field in information security. This book executes modern web application attacks and utilises cutting-edge hacking techniques with an enhanced knowledge of web application security. We will cover web hacking techniques so you can explore the attack vectors during penetration tests. The book encompasses the latest technologies such as OAuth 2.0, Web API testing methodologies and XML vectors used by hackers. Some lesser discussed attack vectors such as RPO (relative path overwrite), DOM clobbering, PHP Object Injection and etc. has been covered in this book. We'll explain various old school techniques in depth such as XSS, CSRF, SQL Injection through the ever-dependable SQLMap and reconnaissance. Websites nowadays provide APIs to allow integration with third party applications, thereby exposing a lot of attack surface, we cover testing of these APIs using real-life examples. This pragmatic guide will be a great benefit and will help you prepare fully secure applications.
Table of Contents (13 chapters)
close
close
12
Index

Preface

The World Wide Web, or what we generally refer to as the Web, has become a vital part of our everyday lives. The usage of the Web, ranging from a simple webmail to a complex and sensitive banking web application, has made our lives easier. The Web was initially designed as a means of sharing information among users of the Internet using a combination of web pages and a browser. The era has passed now, and it's no longer a place limited to sharing information. Instead, our day-to-day work is getting automated and put into web applications; this has definitely revolutionized communication and empowered us. The mere idea of your or my banking application being offline is a nightmare; the same is the case with cloud services, such as like Dropbox, Gmail, or even iCloud. Well, if this wasn't enough, imagine these services were hacked and all the sensitive data stored in them fell into the hands of hackers—this is even scarier, right? They can sell the data, distribute it in the public domain, or even blackmail individual users. All of this has happened in the past—recall the celebrity photo leaks in 2014, when Apple's iCloud service API was breached by hackers and sensitive photos were leaked on the Internet. Similarly, Ashley Madison, a controversial dating website, was breached in 2015, and its users received blackmail letters.

The Web, although charismatic, is not a safe place for anybody; the previously mentioned cases clearly prove the point. However, we can beef up security to an extent that it becomes really hard to break into. It's a well-known fact that nothing can be a hundred per cent secure, but improving security never hurt anybody.

In a classic penetration test of web applications, different types of attacking techniques are used to find vulnerabilities and use them to break into systems. However, the Web is a growing field, and newer technologies are added every now and then. Any penetration tester conducting a test on a web application needs to be aware of newer techniques in the domain so that the latest classes of issues don't remain unpatched; at the same time, the old techniques must be extrapolated for better outcomes. This book is an attempt to achieve both in order to impart newer techniques, such as XML attack vectors, which include the recently popular XXE attack. Then we have OAuth 2.0, which varies with implementations, and this results in flaws, such as account takeovers. Among older techniques, we have XSS, CSRF, and Metasploit Framework (relevant to web) to name a few. The content I have added here in this book will help augment the already understood concepts in depth.

This book is a means of sharing my knowledge of web applications with the community. I truly believe you will find this book beneficial in one way or another. As an author, I wish you good luck exploring this book.

Happy reading!

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Mastering Modern Web Penetration Testing
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected

Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon