Hands-on Penetration Testing for Web Applications : Run Web Security Testing on Modern Applications Using Nmap, Burp Suite and Wireshark (English Edition)

Popularité

La popularité est une évaluation communautaire de chaque livre calculée sur une échelle de 0 à 100.

Cette évaluation repose sur une agrégation de diverses quantités qui reflètent la vie de chaque livre au sein de la communauté des lecteurs. Cette vie s'exprime en fréquence de lecture, nombre d'étagères publiques et privées dans lesquelles le livre est présent.

Un calcul 'propriétaire' mélangeant ces quantités restitue sous la forme synthétique d'un score l'aura collective du livre.

Learn how to build an end-to-end Web application security testing framework

Description

Hands-on Penetration Testing for Web Applications offers readers with knowledge and skillset to identify, exploit and control the security vulnerabilities present in commercial web applications including online banking, mobile payments and e-commerce applications.

We begin with exposure to modern application vulnerabilities present in web applications. You will learn and gradually practice the core concepts of penetration testing and OWASP Top Ten vulnerabilities including injection, broken authentication and access control, security misconfigurations and cross-site scripting (XSS).

What you will learn

Complete overview of concepts of web penetration testing.

Learn to secure against OWASP TOP 10 web vulnerabilities.

Discover security flaws in your web application using most popular tools like nmap and wireshark.

Learn to respond modern automated cyber attacks with the help of expert-led tips and tricks.

Who this book is for

This book is for Penetration Testers, ethical hackers, and web application developers. People who are new to security testing will also find this book useful. Basic knowledge of HTML, JavaScript would be an added advantage.

Table of Contents

1. Why Application Security?

2. Modern application Vulnerabilities

3. Web Pentesting Methodology

4. Testing Authentication

5. Testing Session Management

6. Testing Secure Channels

7. Testing Secure Access Control

8. Sensitive Data and Information disclosure

9. Testing Secure Data validation

10. Attacking Application Users: Other Techniques

11. Attacking Application Users: Other Techniques

12. Automating Custom Attacks

13. Pentesting Tools

14. Static Code Analysis

15. Mitigations and Core Defense Mechanisms

Learn how to build an end-to-end Web application security testing frameworkDescriptionHands-on Penetration Testing for Web Applications offers readers with knowledge and skillset to identify, exploit and control the security vulnerabilities present in commercial web applications including online ban

Voir toute la description...