You're reading from Attacking and Exploiting Modern Web Applications Discover the mindset, techniques, and tools to perform modern web attacks and exploitation

Product type Paperback

Published in Aug 2023

Publisher Packt

ISBN-13 9781801816298

Length 338 pages

Edition 1st Edition

Languages

Solidity

Tools

Blockchain

Concepts

Web Security

Authors (2):

Simone Onofri

Donato Onofri

View More author details

Table of Contents (14) Chapters

Preface

1. Part 1: Attack Preparation

2. Chapter 1: Mindset and Methodologies FREE CHAPTER

3. Chapter 2: Toolset for Web Attacks and Exploitation

4. Part 2: Evergreen Attacks

5. Chapter 3: Attacking the Authentication Layer – a SAML Use Case

6. Chapter 4: Attacking Internet-Facing Web Applications – SQL Injection and Cross-Site Scripting (XSS) on WordPress

7. Chapter 5: Attacking IoT Devices – Command Injection and Path Traversal

8. Part 3: Novel Attacks

9. Chapter 6: Attacking Electron JavaScript Applications – from Cross-Site Scripting (XSS) to Remote Command Execution (RCE)

10. Chapter 7: Attacking Ethereum Smart Contracts – Reentrancy, Weak Sources of Randomness, and Business Logic

11. Chapter 8: Continuing the Journey of Vulnerability Discovery

12. Index

Why subscribe?

13. Other Books You May Enjoy

What this book covers

Chapter 1, Mindset and Methodologies, offers an overview of the mindset and guiding principles for attacks, the learning process, the skill set, techniques for exploitation, and the methodologies that can be used to attack web applications.

Chapter 2, Toolset for Web Attacks and Exploitation, explains the tools available to attack web applications such as operating systems, browsers, interception proxies, Bash, and Python by playing a CTF.

Chapter 3, Attacking the Authentication Layer – a SAML Use Case, contains the first scenario we will analyze, again through a CTF exercise, where we will learn to exploit authentication systems, specifically SAML, through Burp.

Chapter 4, Attacking Internet-Facing Web Applications – SQL Injection and Cross-Site Scripting (XSS) on WordPress, explores another scenario where we will find two CVEs together. We will find a SQL injection by reading the source code for a WordPress plugin and exploiting it first by hand with Burp and then with Python. We will also find an XSS.

Chapter 5, Attacking IoT Devices – Command Injection and Path Traversal, examines a scenario where we will analyze an IoT device, starting from the firmware, emulate it, and find four CVEs relating to command injections, bypassing some security features. We will also reverse-engineer together some of the binaries present in the device.

Chapter 6, Attacking Electron JavaScript Applications – from Cross-Site Scripting (XSS) to Remote Command Execution (RCE), delves into a scenario where we will analyze an Electron JavaScript application we use daily, figuring out how to instrument and debug it. We will find a CVE related to an XSS, which we will then turn into an RCE.

Chapter 7, Attacking Ethereum Smart Contracts – Reentrancy, Weak Sources of Randomness, and Business Logic, provides the last scenario. It’s structured as a CTF exercise, where we will analyze smart contracts on Ethereum, revert them, and exploit several business logic vulnerabilities and the famous reentrancy by writing an attacking contract with Solidity and Foundry.

Chapter 8, Continuing the Journey of Vulnerability Discovery, concludes by reflecting on what we learned in the previous chapters. There’s not so much about specific vulnerabilities and, in general, more about the methods used. We will also mention the vulnerability disclosure dilemma from the researcher and CISO perspectives.

The rest of the chapter is locked

You're reading from Attacking and Exploiting Modern Web Applications Discover the mindset, techniques, and tools to perform modern web attacks and exploitation

Table of Contents (14) Chapters

What this book covers

Unlock this book and the full library FREE for 7 days

Authors (2)

Personalised recommendations for you