Attacking and Exploiting Modern Web Applications - Simone Onofri, Donato Onofri

Attacking and Exploiting Modern Web Applications

Discover the mindset, techniques, and tools to perform modern web attacks and exploitation
Buch | Softcover
338 Seiten
2023
Packt Publishing Limited (Verlag)
978-1-80181-629-8 (ISBN)
48,60 inkl. MwSt
Master the art of web exploitation with real-world techniques on SAML, WordPress, IoT, ElectronJS, and Ethereum smart contracts
Purchase of the print or Kindle book includes a free PDF eBook

Key Features

Learn how to detect vulnerabilities using source code, dynamic analysis, and decompiling binaries
Find and exploit vulnerabilities such as SQL Injection, XSS, Command Injection, RCE, and Reentrancy
Analyze real-world security incidents based on MITRE ATT&CK to understand the risk at the CISO level

Book DescriptionWeb attacks and exploits pose an ongoing threat to the interconnected world. This comprehensive book explores the latest challenges in web application security, providing you with an in-depth understanding of hackers' methods and the practical knowledge and skills needed to effectively understand web attacks.
The book starts by emphasizing the importance of mindset and toolset in conducting successful web attacks. You’ll then explore the methodologies and frameworks used in these attacks, and learn how to configure the environment using interception proxies, automate tasks with Bash and Python, and set up a research lab. As you advance through the book, you’ll discover how to attack the SAML authentication layer; attack front-facing web applications by learning WordPress and SQL injection, and exploit vulnerabilities in IoT devices, such as command injection, by going through three CTFs and learning about the discovery of seven CVEs. Each chapter analyzes confirmed cases of exploitation mapped with MITRE ATT&CK. You’ll also analyze attacks on Electron JavaScript-based applications, such as XSS and RCE, and the security challenges of auditing and exploiting Ethereum smart contracts written in Solidity. Finally, you’ll find out how to disclose vulnerabilities.
By the end of this book, you’ll have enhanced your ability to find and exploit web vulnerabilities.What you will learn

Understand the mindset, methodologies, and toolset needed to carry out web attacks
Discover how SAML and SSO work and study their vulnerabilities
Get to grips with WordPress and learn how to exploit SQL injection
Find out how IoT devices work and exploit command injection
Familiarize yourself with ElectronJS applications and transform an XSS to an RCE
Discover how to audit Solidity's Ethereum smart contracts
Get the hang of decompiling, debugging, and instrumenting web applications

Who this book is forThis book is for anyone whose job role involves ensuring their organization's security – penetration testers and red teamers who want to deepen their knowledge of the current security challenges for web applications, developers and DevOps professionals who want to get into the mindset of an attacker; and security managers and CISOs looking to truly understand the impact and risk of web, IoT, and smart contracts. Basic knowledge of web technologies, as well as related protocols is a must.

Simone Onofri is a cybersecurity director with over two decades of experience in Red and Blue Teaming, vulnerability research, and product management. He has been an instructor at the Joint Intelligence and EW Training Centre and is associated with global companies such as HewlettPackard Enterprise. Simone has discovered various vulnerabilities and holds key certifications such as GXPN, GREM, GWAPT, OSCP, and OPSA. An active participant in organizations such as OWASP and ISECOM, he regularly speaks at major conferences, including TEDx. Simone is committed to inspiring and educating industry professionals and enthusiasts through his work, with a mission to create a positive influence. Donato Onofri is a seasoned Red Team engineer. He has over a decade of experience in activities including reverse engineering, Red Teaming, threat research, and penetration testing. Passionate about both the offensive and defensive sides of cybersecurity, Donato has worked with industry leaders such as CrowdStrike and Hewlett-Packard Enterprise and as an advisor and engineer for governments and financial institutions. His research delves into state-of-the-art security techniques, malware analysis, and internals. He holds the GREM, GXPN, OSCP, OSCE, and OSWE certifications, and his expertise is underscored by multiple recognitions for vulnerability discovery.

Table of Contents

Mindset and Methodologies
Toolset for Web Attacks and Exploitation
Attacking the Authentication Layer – a SAML Use Case
Attacking Internet-Facing Web Applications – SQL Injection and Cross-Site Scripting (XSS) on WordPress
Attacking IoT Devices – Command Injection and Path Traversal
Attacking Electron JavaScript Applications – from Cross-Site Scripting (XSS) to Remote Command Execution (RCE)
Attacking Ethereum Smart Contracts – Reentrancy, Weak Sources of Randomness, and Business Logic
Continuing the Journey of Vulnerability Discovery

Erscheinungsdatum
Vorwort Matteo Meucci
Verlagsort Birmingham
Sprache englisch
Maße 191 x 235 mm
Themenwelt Informatik Netzwerke Sicherheit / Firewall
Informatik Software Entwicklung SOA / Web Services
Mathematik / Informatik Informatik Web / Internet
ISBN-10 1-80181-629-8 / 1801816298
ISBN-13 978-1-80181-629-8 / 9781801816298
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich
Das Lehrbuch für Konzepte, Prinzipien, Mechanismen, Architekturen und …

von Norbert Pohlmann

Buch | Softcover (2022)
Springer Vieweg (Verlag)
34,99
Management der Informationssicherheit und Vorbereitung auf die …

von Michael Brenner; Nils gentschen Felde; Wolfgang Hommel

Buch (2024)
Carl Hanser (Verlag)
69,99

von Chaos Computer Club

Buch | Softcover (2024)
KATAPULT Verlag
28,00