Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Attacking and Exploiting Modern Web Applications
  • Table Of Contents Toc
Attacking and Exploiting Modern Web Applications

Attacking and Exploiting Modern Web Applications

By : Simone Onofri, Onofri
4.9 (12)
Buy this Book
close
close
Attacking and Exploiting Modern Web Applications

Attacking and Exploiting Modern Web Applications

4.9 (12)
By: Simone Onofri, Onofri
Buy this Book

Overview of this book

Web attacks and exploits pose an ongoing threat to the interconnected world. This comprehensive book explores the latest challenges in web application security, providing you with an in-depth understanding of hackers' methods and the practical knowledge and skills needed to effectively understand web attacks. The book starts by emphasizing the importance of mindset and toolset in conducting successful web attacks. You’ll then explore the methodologies and frameworks used in these attacks, and learn how to configure the environment using interception proxies, automate tasks with Bash and Python, and set up a research lab. As you advance through the book, you’ll discover how to attack the SAML authentication layer; attack front-facing web applications by learning WordPress and SQL injection, and exploit vulnerabilities in IoT devices, such as command injection, by going through three CTFs and learning about the discovery of seven CVEs. Each chapter analyzes confirmed cases of exploitation mapped with MITRE ATT&CK. You’ll also analyze attacks on Electron JavaScript-based applications, such as XSS and RCE, and the security challenges of auditing and exploiting Ethereum smart contracts written in Solidity. Finally, you’ll find out how to disclose vulnerabilities. By the end of this book, you’ll have enhanced your ability to find and exploit web vulnerabilities.
Table of Contents (14 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Download the example code files
Icon
Get in touch
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book
1
Part 1: Attack Preparation
Icon
Part 1: Attack Preparation
Lock Free Chapter
2
Chapter 1: Mindset and Methodologies
chevron up
Icon
Chapter 1: Mindset and Methodologies
Icon
Approach and mindset
Icon
Methodologies and frameworks
Icon
Summary
Icon
Further reading
3
Chapter 2: Toolset for Web Attacks and Exploitation
Icon
Chapter 2: Toolset for Web Attacks and Exploitation
Icon
Technical requirements
Icon
Operating systems and the tools of the trade
Icon
Virtualization and containerization systems
Icon
Summary
Icon
Further reading
4
Part 2: Evergreen Attacks
Icon
Part 2: Evergreen Attacks
5
Chapter 3: Attacking the Authentication Layer – a SAML Use Case
Icon
Chapter 3: Attacking the Authentication Layer – a SAML Use Case
Icon
Technical requirements
Icon
The Doors of Durin SAML login scenario
Icon
How does SAML work and what are its vulnerabilities?
Icon
Other authentication methods used with HTTP
Icon
How to discover and exploit vulnerabilities in SAML
Icon
Summary
Icon
Further reading
6
Chapter 4: Attacking Internet-Facing Web Applications – SQL Injection and Cross-Site Scripting (XSS) on WordPress
Icon
Chapter 4: Attacking Internet-Facing Web Applications – SQL Injection and Cross-Site Scripting (XSS) on WordPress
Icon
Technical requirements
Icon
WordPress scenario introduction
Icon
How does SQL injection work?
Icon
How to discover and exploit SQL injection vulnerabilities
Icon
Summary
Icon
Further reading
7
Chapter 5: Attacking IoT Devices – Command Injection and Path Traversal
Icon
Chapter 5: Attacking IoT Devices – Command Injection and Path Traversal
Icon
Technical requirements
Icon
IoT router exploitation scenario introduction
Icon
How to analyze IoT devices
Icon
How to find and exploit vulnerabilities in IoT devices
Icon
Summary
Icon
Further reading
8
Part 3: Novel Attacks
Icon
Part 3: Novel Attacks
9
Chapter 6: Attacking Electron JavaScript Applications – from Cross-Site Scripting (XSS) to Remote Command Execution (RCE)
Icon
Chapter 6: Attacking Electron JavaScript Applications – from Cross-Site Scripting (XSS) to Remote Command Execution (RCE)
Icon
Technical requirements
Icon
Electron JavaScript applications scenario introduction
Icon
How Electron JavaScript applications and XSS work
Icon
How to find and exploit XSS in Electron JavaScript applications to obtain RCE
Icon
Summary
Icon
Further reading
10
Chapter 7: Attacking Ethereum Smart Contracts – Reentrancy, Weak Sources of Randomness, and Business Logic
Icon
Chapter 7: Attacking Ethereum Smart Contracts – Reentrancy, Weak Sources of Randomness, and Business Logic
Icon
Technical requirements
Icon
LicenseManager smart contract scenario
Icon
How smart contracts work on the Ethereum blockchain and security considerations
Icon
How to find and exploit vulnerabilities in Ethereum smart contracts
Icon
Summary
Icon
Further reading
11
Chapter 8: Continuing the Journey of Vulnerability Discovery
Icon
Chapter 8: Continuing the Journey of Vulnerability Discovery
Icon
An approach to discovering vulnerabilities
Icon
The dilemma of disclosing vulnerabilities
Icon
Summary
Icon
Further reading
12
Index
Icon
Index
Icon
Why subscribe?
13
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book

Mindset and Methodologies

“Novices often view exploitation as some sort of magic process, but no magic is involved – only creativity, cleverness, and a lot of dedication. In other words, it is an art.”

Enrico Perla and Massimo Oldani [1]

Welcome to the first chapter, where we will begin our journey by understanding the right approach, mindset, and methodologies for attacking and exploiting modern web applications.

As we read in the epigraph, taken from the book A Guide to Kernel Exploitation, written by a dear friend, exploitation is considered an art, which makes it difficult to systematize. While our discussion focuses on web applications rather than the Linux kernel, it is essential to clarify what we mean by attacking web applications and exploiting their vulnerabilities.

In the first part of this chapter, we will clarify these concepts and learn about the approach, the steps of an attack, the testing techniques, the mindset, and the competencies we need to have.

In the second part, we will learn about the existing methodologies and how to combine them to use them effectively in real-world scenarios.

In this chapter, we’re going to cover the following main topics:

  • Approach and mindset
  • Methodologies and frameworks for attacking web applications
Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Attacking and Exploiting Modern Web Applications
End of Section 2
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon