Packt+ | Advance your knowledge in tech

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Mastering Modern Web Penetration Testing

You're reading from Mastering Modern Web Penetration Testing Master the art of conducting modern pen testing attacks and techniques on your web application before the hacker does!

Product type Paperback

Published in Oct 2016

Publisher Packt

ISBN-13 9781785284588

Length 298 pages

Edition 1st Edition

Tools

Kali Linux

Concepts

Web Penetration Testing

Authors (2):

Prakhar Prasad

Rafay Baloch

View More author details

Table of Contents (13) Chapters

Preface

1. Common Security Protocols FREE CHAPTER

2. Information Gathering

3. Cross-Site Scripting

4. Cross-Site Request Forgery

5. Exploiting SQL Injection

6. File Upload Vulnerabilities

7. Metasploit and Web

8. XML Attacks

9. Emerging Attack Vectors

10. OAuth 2.0 Security

11. API Testing Methodology

Index

Evasion – tamper scripts

Tamper scripts are basically used in the evasion of simple filters and Web Application Firewalls (WAFs). They are a collection of in-built scripts which modify the injection vector used by SQLMap. There are cases when WAF detects the injection vectors and blocks the whole process. The following table gives a brief description of various tamper scripts and their usage. The comprehensive table was fabricated by Jake Rogers at http://www.forkbombers.com/ so the entire credit goes to him.

Name	Description
`apostrophemask.py`	Replaces the apostrophe character with its UTF-8 full width counterpart.
`apostrophenullencode.py`	Replaces the apostrophe character with its illegal double unicode counterpart.
`appendnullbyte.py`	Appends the encoded NULL byte character at the end of the payload.
`base64encode.py`	Base64 all characters in a given payload.
`between.py`	Replaces greater than operator (`>`) with `NOT BETWEEN 0 AND #`.
`bluecoat.py`	Replaces the space character...

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (2)

Prakhar Prasad

Prakhar Prasad

Prakhar Prasad is a web application security researcher and penetration tester from India. He has been a successful participant in various bug bounty programs and has discovered security flaws on websites such as Google, Facebook, Twitter, PayPal, Slack, and many more. He secured the tenth position worldwide in the year 2014 at HackerOne's platform. He is OSCP and OSWP certified, which are some of the most widely respected certifications in the information security industry. He occasionally performs training and security assessment for various government, non-government, and educational organizations.

See other products by Prakhar Prasad

Rafay Baloch

Rafay Baloch

See other products by Rafay Baloch

Personalised recommendations for you

Based on your interests and search pattern

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m