0

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Attacking and Exploiting Modern Web Applications

You're reading from Attacking and Exploiting Modern Web Applications Discover the mindset, techniques, and tools to perform modern web attacks and exploitation

Product type Paperback

Published in Aug 2023

Publisher Packt

ISBN-13 9781801816298

Length 338 pages

Edition 1st Edition

Languages

Solidity

Tools

Blockchain

Concepts

Web Security

Authors (2):

Simone Onofri

Donato Onofri

View More author details

Table of Contents (14) Chapters

Preface

1. Part 1: Attack Preparation

2. Chapter 1: Mindset and Methodologies FREE CHAPTER

3. Chapter 2: Toolset for Web Attacks and Exploitation

4. Part 2: Evergreen Attacks

5. Chapter 3: Attacking the Authentication Layer – a SAML Use Case

6. Chapter 4: Attacking Internet-Facing Web Applications – SQL Injection and Cross-Site Scripting (XSS) on WordPress

7. Chapter 5: Attacking IoT Devices – Command Injection and Path Traversal

8. Part 3: Novel Attacks

9. Chapter 6: Attacking Electron JavaScript Applications – from Cross-Site Scripting (XSS) to Remote Command Execution (RCE)

10. Chapter 7: Attacking Ethereum Smart Contracts – Reentrancy, Weak Sources of Randomness, and Business Logic

11. Chapter 8: Continuing the Journey of Vulnerability Discovery

12. Index

Why subscribe?

13. Other Books You May Enjoy

An approach to discovering vulnerabilities

Beyond the vulnerabilities and challenges we’ve uncovered, our core interest lies in comprehending the approach to discovering vulnerabilities and giving examples of the techniques to find them.

Understanding what you are doing

The key to the process is understanding our actions and their implications. We will steer clear of the indiscriminate usage of automated tools. Their utility is acknowledged, but we left them outside the book’s scope. We focus on problem-solving by understanding how things work to discover vulnerabilities or overcome challenges. The key is to learn how to make something do something unexpected. The book intends to illustrate a mindset and a modus operandi by providing examples – or instances, as we can say in object-oriented languages – that apply this process.

Getting into the flow

The objective of the process is to comprehend a problem (e.g., how a specific software works, an...

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (2)

Simone Onofri

Simone Onofri

Simone Onofri is a cybersecurity director with over two decades of experience in Red and Blue Teaming, vulnerability research, and product management. He has been an instructor at the Joint Intelligence and EW Training Centre and is associated with global companies such as HewlettPackard Enterprise. Simone has discovered various vulnerabilities and holds key certifications such as GXPN, GREM, GWAPT, OSCP, and OPSA. An active participant in organizations such as OWASP and ISECOM, he regularly speaks at major conferences, including TEDx. Simone is committed to inspiring and educating industry professionals and enthusiasts through his work, with a mission to create a positive influence.

See other products by Simone Onofri

Onofri

Onofri

Donato Onofri is a seasoned Red Team engineer. He has over a decade of experience in activities including reverse engineering, Red Teaming, threat research, and penetration testing. Passionate about both the offensive and defensive sides of cybersecurity, Donato has worked with industry leaders such as CrowdStrike and Hewlett-Packard Enterprise and as an advisor and engineer for governments and financial institutions. His research delves into state-of-the-art security techniques, malware analysis, and internals. He holds the GREM, GXPN, OSCP, OSCE, and OSWE certifications, and his expertise is underscored by multiple recognitions for vulnerability discovery.

See other products by Onofri

Personalised recommendations for you

Based on your interests and search pattern

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m