Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering Defensive Security

You're reading from   Mastering Defensive Security Effective techniques to secure your Windows, Linux, IoT, and cloud infrastructure

Arrow left icon
Product type Paperback
Published in Jan 2022
Publisher Packt
ISBN-13 9781800208162
Length 528 pages
Edition 1st Edition
Languages
Arrow right icon
Author (1):
Arrow left icon
Cesar Bravo Cesar Bravo
Author Profile Icon Cesar Bravo
Cesar Bravo
Arrow right icon
View More author details
Toc

Table of Contents (23) Chapters Close

Preface 1. Section 1: Mastering Defensive Security Concepts
2. Chapter 1: A Refresher on Defensive Security Concepts FREE CHAPTER 3. Chapter 2: Managing Threats, Vulnerabilities, and Risks 4. Chapter 3: Comprehending Policies, Procedures, Compliance, and Audits 5. Chapter 4: Patching Layer 8 6. Chapter 5: Cybersecurity Technologies and Tools 7. Section 2: Applying Defensive Security
8. Chapter 6: Securing Windows Infrastructures 9. Chapter 7: Hardening a Unix Server 10. Chapter 8: Enhancing Your Network Defensive Skills 11. Chapter 9: Deep Diving into Physical Security 12. Chapter 10: Applying IoT Security 13. Chapter 11: Secure Development and Deployment on the Cloud 14. Chapter 12: Mastering Web App Security 15. Section 3: Deep Dive into Defensive Security
16. Chapter 13: Vulnerability Assessment Tools 17. Chapter 14: Malware Analysis 18. Chapter 15: Leveraging Pentesting for Defensive Security 19. Chapter 16: Practicing Forensics 20. Chapter 17: Achieving Automation of Security Tools 21. Chapter 18: The Master's Compilation of Useful Resources 22. Other Books You May Enjoy

Overviewing the most common attacks on web applications

Now is the time to talk about the most common attacks against web applications that you may face and, of course, all the methods, techniques, and tools that you can use to protect your systems against them.

Exploring XSS attacks

The logic behind this type of attack is very simple: to leverage some JavaScript or HTML to execute some code on your web application.

To better understand these types of attacks, let's look at one of the most common types of XSS attacks: the hijacking of user sessions.

Hijacking a user session

Here, the attacker will try to inject malicious code into a web application that can be used to exfiltrate the session cookie that will be used to impersonate the victim.

To better illustrate this attack, let's see an example based on a web application used to rent houses, as follows:

  1. The attacker will log in to the vulnerable site and create an entry to advertise the renting...
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime