Attacking and Exploiting Modern Web Applications: Discover the mindset, techniques, and tools to perform modern web attacks and exploitation

Master the art of web exploitation with real-world techniques on SAML, WordPress, IoT, ElectronJS, and Ethereum smart...
BD$70.16 BMD
BD$70.16 BMD
SKU: 9781801816298
Product Type: Books
Please hurry! Only 393 left in stock
Author: Simone Onofri
Format: Paperback
Language: English
Subtotal: BD$70.16
10 customers are viewing this product
Attacking and Exploiting Modern Web Applications: Discover the mindset, techniques, and tools to perform modern web attacks and exploitation by Onofri, Simone

Attacking and Exploiting Modern Web Applications: Discover the mindset, techniques, and tools to perform modern web attacks and exploitation

BD$70.16

Attacking and Exploiting Modern Web Applications: Discover the mindset, techniques, and tools to perform modern web attacks and exploitation

BD$70.16
Author: Simone Onofri
Format: Paperback
Language: English

Master the art of web exploitation with real-world techniques on SAML, WordPress, IoT, ElectronJS, and Ethereum smart contracts

Purchase of the print or Kindle book includes a free PDF eBook

Key Features
  • Learn how to detect vulnerabilities using source code, dynamic analysis, and decompiling binaries
  • Find and exploit vulnerabilities such as SQL Injection, XSS, Command Injection, RCE, and Reentrancy
  • Analyze real-world security incidents based on MITRE ATT&CK to understand the risk at the CISO level
Book Description

Web attacks and exploits pose an ongoing threat to the interconnected world. This comprehensive book explores the latest challenges in web application security, providing you with an in-depth understanding of hackers' methods and the practical knowledge and skills needed to effectively understand web attacks.

The book starts by emphasizing the importance of mindset and toolset in conducting successful web attacks. You'll then explore the methodologies and frameworks used in these attacks, and learn how to configure the environment using interception proxies, automate tasks with Bash and Python, and set up a research lab. As you advance through the book, you'll discover how to attack the SAML authentication layer; attack front-facing web applications by learning WordPress and SQL injection, and exploit vulnerabilities in IoT devices, such as command injection, by going through three CTFs and learning about the discovery of seven CVEs. Each chapter analyzes confirmed cases of exploitation mapped with MITRE ATT&CK. You'll also analyze attacks on Electron JavaScript-based applications, such as XSS and RCE, and the security challenges of auditing and exploiting Ethereum smart contracts written in Solidity. Finally, you'll find out how to disclose vulnerabilities.

By the end of this book, you'll have enhanced your ability to find and exploit web vulnerabilities.

What you will learn
  • Understand the mindset, methodologies, and toolset needed to carry out web attacks
  • Discover how SAML and SSO work and study their vulnerabilities
  • Get to grips with WordPress and learn how to exploit SQL injection
  • Find out how IoT devices work and exploit command injection
  • Familiarize yourself with ElectronJS applications and transform an XSS to an RCE
  • Discover how to audit Solidity's Ethereum smart contracts
  • Get the hang of decompiling, debugging, and instrumenting web applications
Who this book is for

This book is for anyone whose job role involves ensuring their organization's security - penetration testers and red teamers who want to deepen their knowledge of the current security challenges for web applications, developers and DevOps professionals who want to get into the mindset of an attacker; and security managers and CISOs looking to truly understand the impact and risk of web, IoT, and smart contracts. Basic knowledge of web technologies, as well as related protocols is a must.

Table of Contents
  1. Mindset and Methodologies
  2. Toolset for Web Attacks and Exploitation
  3. Attacking the Authentication Layer - a SAML Use Case
  4. Attacking Internet-Facing Web Applications - SQL Injection and Cross-Site Scripting (XSS) on WordPress
  5. Attacking IoT Devices - Command Injection and Path Traversal
  6. Attacking Electron JavaScript Applications - from Cross-Site Scripting (XSS) to Remote Command Execution (RCE)
  7. Attacking Ethereum Smart Contracts - Reentrancy, Weak Sources of Randomness, and Business Logic
  8. Continuing the Journey of Vulnerability Discovery


Author: Simone Onofri, Donato Onofri
Publisher: Packt Publishing
Published: 08/25/2023
Pages: 338
Binding Type: Paperback
Weight: 1.28lbs
Size: 9.25h x 7.50w x 0.70d
ISBN: 9781801816298

This title is not returnable

Returns Policy

You may return most new, unopened items within 30 days of delivery for a full refund. We'll also pay the return shipping costs if the return is a result of our error (you received an incorrect or defective item, etc.).

You should expect to receive your refund within four weeks of giving your package to the return shipper, however, in many cases you will receive a refund more quickly. This time period includes the transit time for us to receive your return from the shipper (5 to 10 business days), the time it takes us to process your return once we receive it (3 to 5 business days), and the time it takes your bank to process our refund request (5 to 10 business days).

If you need to return an item, simply login to your account, view the order using the "Complete Orders" link under the My Account menu and click the Return Item(s) button. We'll notify you via e-mail of your refund once we've received and processed the returned item.

Shipping

We can ship to virtually any address in the world. Note that there are restrictions on some products, and some products cannot be shipped to international destinations.

When you place an order, we will estimate shipping and delivery dates for you based on the availability of your items and the shipping options you choose. Depending on the shipping provider you choose, shipping date estimates may appear on the shipping quotes page.

Please also note that the shipping rates for many items we sell are weight-based. The weight of any such item can be found on its detail page. To reflect the policies of the shipping companies we use, all weights will be rounded up to the next full pound.

Related Products

Recently Viewed Products