Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Attacking and Exploiting Modern Web Applications

You're reading from   Attacking and Exploiting Modern Web Applications Discover the mindset, techniques, and tools to perform modern web attacks and exploitation

Arrow left icon
Product type Paperback
Published in Aug 2023
Publisher Packt
ISBN-13 9781801816298
Length 338 pages
Edition 1st Edition
Languages
Arrow right icon
Authors (2):
Arrow left icon
Simone Onofri Simone Onofri
Author Profile Icon Simone Onofri
Simone Onofri
Donato Onofri Donato Onofri
Author Profile Icon Donato Onofri
Donato Onofri
Arrow right icon
View More author details
Toc

Table of Contents (14) Chapters Close

Preface 1. Part 1: Attack Preparation
2. Chapter 1: Mindset and Methodologies FREE CHAPTER 3. Chapter 2: Toolset for Web Attacks and Exploitation 4. Part 2: Evergreen Attacks
5. Chapter 3: Attacking the Authentication Layer – a SAML Use Case 6. Chapter 4: Attacking Internet-Facing Web Applications – SQL Injection and Cross-Site Scripting (XSS) on WordPress 7. Chapter 5: Attacking IoT Devices – Command Injection and Path Traversal 8. Part 3: Novel Attacks
9. Chapter 6: Attacking Electron JavaScript Applications – from Cross-Site Scripting (XSS) to Remote Command Execution (RCE) 10. Chapter 7: Attacking Ethereum Smart Contracts – Reentrancy, Weak Sources of Randomness, and Business Logic 11. Chapter 8: Continuing the Journey of Vulnerability Discovery 12. Index 13. Other Books You May Enjoy

What this book covers

Chapter 1, Mindset and Methodologies, offers an overview of the mindset and guiding principles for attacks, the learning process, the skill set, techniques for exploitation, and the methodologies that can be used to attack web applications.

Chapter 2, Toolset for Web Attacks and Exploitation, explains the tools available to attack web applications such as operating systems, browsers, interception proxies, Bash, and Python by playing a CTF.

Chapter 3, Attacking the Authentication Layer – a SAML Use Case, contains the first scenario we will analyze, again through a CTF exercise, where we will learn to exploit authentication systems, specifically SAML, through Burp.

Chapter 4, Attacking Internet-Facing Web Applications – SQL Injection and Cross-Site Scripting (XSS) on WordPress, explores another scenario where we will find two CVEs together. We will find a SQL injection by reading the source code for a WordPress plugin and exploiting it first by hand with Burp and then with Python. We will also find an XSS.

Chapter 5, Attacking IoT Devices – Command Injection and Path Traversal, examines a scenario where we will analyze an IoT device, starting from the firmware, emulate it, and find four CVEs relating to command injections, bypassing some security features. We will also reverse-engineer together some of the binaries present in the device.

Chapter 6, Attacking Electron JavaScript Applications – from Cross-Site Scripting (XSS) to Remote Command Execution (RCE), delves into a scenario where we will analyze an Electron JavaScript application we use daily, figuring out how to instrument and debug it. We will find a CVE related to an XSS, which we will then turn into an RCE.

Chapter 7, Attacking Ethereum Smart Contracts – Reentrancy, Weak Sources of Randomness, and Business Logic, provides the last scenario. It’s structured as a CTF exercise, where we will analyze smart contracts on Ethereum, revert them, and exploit several business logic vulnerabilities and the famous reentrancy by writing an attacking contract with Solidity and Foundry.

Chapter 8, Continuing the Journey of Vulnerability Discovery, concludes by reflecting on what we learned in the previous chapters. There’s not so much about specific vulnerabilities and, in general, more about the methods used. We will also mention the vulnerability disclosure dilemma from the researcher and CISO perspectives.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image