Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Hands-On Bug Hunting for Penetration Testers

You're reading from   Hands-On Bug Hunting for Penetration Testers A practical guide to help ethical hackers discover web application security flaws

Arrow left icon
Product type Paperback
Published in Sep 2018
Publisher Packt
ISBN-13 9781789344202
Length 250 pages
Edition 1st Edition
Languages
Arrow right icon
Authors (2):
Arrow left icon
Himanshu Sharma Himanshu Sharma
Author Profile Icon Himanshu Sharma
Himanshu Sharma
Joe Marshall Joe Marshall
Author Profile Icon Joe Marshall
Joe Marshall
Arrow right icon
View More author details
Toc

Table of Contents (16) Chapters Close

Preface 1. Joining the Hunt 2. Choosing Your Hunting Ground FREE CHAPTER 3. Preparing for an Engagement 4. Unsanitized Data – An XSS Case Study 5. SQL, Code Injection, and Scanners 6. CSRF and Insecure Session Authentication 7. Detecting XML External Entities 8. Access Control and Security Through Obscurity 9. Framework and Application-Specific Vulnerabilities 10. Formatting Your Report 11. Other Tools 12. Other (Out of Scope) Vulnerabilities 13. Going Further 14. Assessment 15. Other Books You May Enjoy

What You Should Already Know – Pentesting Background

This book assumes a familiarity with both web application engineering and the basics of web application security. Any experience with the frontend technologies that will provide the interface and context for many of your discoveries is an asset, including a basic understanding of HTML/CSS/JS, and the DOM; the client-server relationship, session management (cookies, TTL, and so on); and the browser environment. In addition, a general acquaintance with the RESTful API architecture, popular application frameworks and languages (Django/Python, RoR/Ruby, and so on), common application security techniques, and common vulnerabilities, will all be handy. You might be a full-time security researcher, a moonlighting web application engineer, or even just a programming enthusiast with a light background and a historical interest in security – you'll all find something useful within these pages. If you're just beginning, that's OK too – working through the step-by-step walk-through in later chapters will help you develop as a security researcher; you just might need to fill in the gaps with outside context.

In addition to these topics, it's assumed you'll also have experience using the command line. While many great graphic tools exist for conducting and visualizing penetration testing engagements, and we'll use many of them, the CLI is an invaluable tool for everything from package management, to real-time pentesting execution, to automation. And while many of the tools used will have a compatible Windows counterpart, the actual engagements will be conducted (for the most part) on a 2015-generation MacBook Pro loaded with High Sierra (10.13.2), if you are working on a Windows PC, you can still participate by using a virtual machine or emulation software.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image