Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Attacking and Exploiting Modern Web Applications

You're reading from   Attacking and Exploiting Modern Web Applications Discover the mindset, techniques, and tools to perform modern web attacks and exploitation

Arrow left icon
Product type Paperback
Published in Aug 2023
Publisher Packt
ISBN-13 9781801816298
Length 338 pages
Edition 1st Edition
Languages
Arrow right icon
Authors (2):
Arrow left icon
Simone Onofri Simone Onofri
Author Profile Icon Simone Onofri
Simone Onofri
Donato Onofri Donato Onofri
Author Profile Icon Donato Onofri
Donato Onofri
Arrow right icon
View More author details
Toc

Table of Contents (14) Chapters Close

Preface 1. Part 1: Attack Preparation
2. Chapter 1: Mindset and Methodologies FREE CHAPTER 3. Chapter 2: Toolset for Web Attacks and Exploitation 4. Part 2: Evergreen Attacks
5. Chapter 3: Attacking the Authentication Layer – a SAML Use Case 6. Chapter 4: Attacking Internet-Facing Web Applications – SQL Injection and Cross-Site Scripting (XSS) on WordPress 7. Chapter 5: Attacking IoT Devices – Command Injection and Path Traversal 8. Part 3: Novel Attacks
9. Chapter 6: Attacking Electron JavaScript Applications – from Cross-Site Scripting (XSS) to Remote Command Execution (RCE) 10. Chapter 7: Attacking Ethereum Smart Contracts – Reentrancy, Weak Sources of Randomness, and Business Logic 11. Chapter 8: Continuing the Journey of Vulnerability Discovery 12. Index 13. Other Books You May Enjoy

Preface

Why is there a need for another book on web attacks and exploitation? More than two decades have passed since Jeff “Rain Forest Puppy” Forristal first discussed the then-unknown SQL injection in the well-known Phrack e-zine in 1998.

The web plays a significant role in our daily lives and business operations. It has progressed from static web pages to the era of user-generated content known as Web 2.0, and now we have Web 3.0, a decentralized web that operates on blockchain technology.

Having been involved in web application security from its infancy, we find it fascinating to assess the current state of attacks and exploitation of web vulnerabilities. As suggested by the OWASP TOP 10, the nature of these vulnerabilities remains relatively consistent, although their specific characteristics evolve. Examining how Advanced Persistent Threats (APTs) often use web attacks for initial access and persistence is interesting – mapping them using MITRE ATT&CK.

This book will provide an in-depth understanding of hackers’ methods for web attacks and exploitation, analyzing some Capture the Flags (CTFs) we created and several Common Vulnerabilities and Exposures (CVEs) we discovered.

The first part helps you understand the methodologies and frameworks, how to configure your research lab, and how to automate tasks with Bash and Python.

The second and third parts will guide you through practical examples using dynamic analysis, analyzing source code, reversing binaries, debugging, and instrumenting. In each chapter, you will find a brief introduction to the basics of each specific technology, the vulnerability, and the risk. Then, we’ll provide step-by-step instructions to discover and exploit the vulnerabilities.

In the second part, you’ll get an overview of evergreen vulnerabilities in authentication with a use case on SAML, SQL injection and Cross-Site Scripting (XSS) on WordPress, and Command Injection and Path Traversal on Internet of Things (IoT) devices, and then we’ll focus on analyzing source code and reversing binaries.

In the third part, you will see vulnerabilities in newer contexts, turning an XSS into a Remote Code Execution (RCE), analyzing Electron JavaScript applications and, exploiting the famous Reentrancy when auditing an Ethereum smart contract written in Solidity.

After reading this book, you will have improved your skills in identifying and taking advantage of web vulnerabilities and comprehending the consequences of disclosure.

lock icon The rest of the chapter is locked
Next Section arrow right
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime