Hands-on Penetration Testing for Web Applications
- Length: 310 pages
- Edition: 1
- Language: English
- Publisher: BPB Publications
- Publication Date: 2021-03-27
- ISBN-10: 9389328543
- ISBN-13: 9789389328547
- Sales Rank: #716063
Learn how to build an end-to-end Web application security testing framework
Key Features
- Exciting coverage of vulnerabilities and security loopholes in modern web applications.
- Practical exercises and case scenarios on performing pentesting and identifying security breaches.
- Cutting-edge coverage of the implementation of tools including Nmap, Burp Suite and Wireshark.
Description
Hands-on Penetration Testing for Web Applications offers readers the knowledge and skill set to identify, exploit and control the security vulnerabilities present in commercial web applications, including online banking, mobile payments and e-commerce applications.
We begin with exposure to modern application vulnerabilities present in web applications. You will learn and gradually practice the core concepts of penetration testing and the OWASP Top Ten vulnerabilities, including injection, broken authentication and access control, security misconfigurations and cross-site scripting (XSS). You will then gain an advanced skill set by exploring the methodology of security testing and how to approach security testing as a true security professional. This book also brings cutting-edge coverage on exploiting and detecting vulnerabilities such as authentication flaws, session flaws, access control flaws and input validation flaws. You will discover an end-to-end implementation of tools such as Nmap, Burp Suite and Wireshark. You will then practice executing web application intrusion testing with automated testing tools and analyzing the vulnerabilities and threats present in source code.
By the end of this book, you will have in-depth knowledge of the web application testing framework and strong proficiency in testing and building highly secure web applications.
What you will learn
- A complete overview of the concepts of web penetration testing.
- Learn to secure against the OWASP Top 10 web vulnerabilities.
- Discover security flaws in your web application using the most popular tools, such as Nmap and Wireshark.
- Learn to respond to modern automated cyber attacks with the help of expert-led tips and tricks.
Who this book is for
This book is for penetration testers, ethical hackers, and web application developers. People who are new to security testing will also find this book useful. Basic knowledge of HTML and JavaScript would be an added advantage.
Table of Contents
1. Why Application Security?
2. Modern Application Vulnerabilities
3. Web Pentesting Methodology
4. Testing Authentication
5. Testing Session Management
6. Testing Secure Channels
7. Testing Secure Access Control
8. Sensitive Data and Information disclosure
9. Testing Secure Data validation
10. Attacking Application Users: Other Techniques
11. Testing Configuration and Deployment
12. Automating Custom Attacks
13. Pentesting Tools
14. Static Code Analysis
15. Mitigations and Core Defense Mechanisms
About the Authors
Richa Gupta is a Senior Security Test Engineer at Altran, where she is responsible for delivering security solutions to the financial, digital and retail verticals. Her 7 years of experience in the industry have been dominated by the technical aspects of application security, from the dual perspectives of a consulting role and an end-user implementation role. She has performed attack-based security assessments and penetration testing. She has worked extensively with large-scale web application deployments in the retail services industry. She has worked on many cloud solutions such as AWS, Azure and GCP.
She is a certified penetration tester holding the Certified Ethical Hacker (CEH) certification.
LinkedIn profile: https://www.linkedin.com/in/richa-gupta-366b6274/
Detailed Table of Contents
Front matter: Cover Page; Title Page; Copyright Page; Dedication Page; About the Author; About the Reviewers; Acknowledgement; Preface; Errata; Table of Contents
1. Why Application Security
Sections: Structure; Objectives; Modern web applications; The need for application security; Application security challenges; Application security trends; Conclusion; Multiple choice questions; Answer of multiple-choice questions; Questions
2. Web Application Technologies
Sections: Structure; Objectives; Web application technologies; HTTP (Hypertext Transfer Protocol); HTTP request; HTTP response; HTTP methods; HTTPS; Cookies; Web functionalities; Server-side functionality; Client-side functionality; Data formats; JavaScript Object Notation (JSON); Extensible mark-up language (XML); API; Common web application attacks; OWASP Top 10 vulnerabilities; A1- Injection; A2- Broken Authentication; A3- Sensitive Data Exposure; A4- XML External Entities; A5- Broken Access Control; A6- Security Misconfiguration; A7- Cross-Site Scripting; A8- Insecure Deserialization; A9- Using components with known vulnerabilities; A10- Insufficient Logging and Monitoring; Conclusion; Multiple choice questions; Answer of multiple-choice questions; Questions
3. Web Pentesting Methodology
Sections: Structure; Objectives; Pentesting methodology; Information gathering; Vulnerability scanning; Exploitation; Reporting; Entering into first phase: Reconnaissance; Mapping application's content; Analyze the application's content; Conclusion; Multiple choice questions; Answer of multiple choice questions; Questions
4. Testing Authentication
Sections: Structure; Objectives; Authentication technologies; Authentication design flaws; Weak username or password policy; Weak account lockout mechanism; Vulnerable remember password policy; Weak security questions; Password change functionality; Weak forgot password functionality; Brute-forcible login; Informative error messages; Implementation design flaws; Multistage login defects; Insecure storage of credentials; Insecure transportation of credentials; Test cases checklist; User login testing; User logout testing; Password reset/forgotten password testing; Account locking/unlocking testing; Username or password policy; Remember password; Multi-factor authentication testing; Bypassing authentication schema; Brute-force testing; Conclusion; Multiple choice questions; Answer of multiple choice questions; Questions
5. Testing Session Management
Sections: Structure; Objectives; Session management schema; Testing weakness in cookie attributes; Testing weakness in token generation; Testing session fixation; Testing single sign-on systems; Testing weakness in token handling; Conclusion; Multiple choice questions; Answers of multiple choice questions; Questions
6. Testing Secure Channels
Sections: Structure; Objectives; Testing weak SSL/TLS ciphers and insufficient transport layer protection; Secure web services; API data security; Conclusion; Multiple choice questions; Answers of multiple choice questions; Questions
7. Testing Secure Access Control
Sections: Structure; Objectives; Access control flaws; Attacking access control; Testing directory traversal; Testing privilege escalation; Vertical privilege escalation; Unprotected functionality; Parameter-based access control methods; Horizontal privilege escalation; Testing insecure Direct Object References; Conclusion; Multiple choice questions; Answers of multiple choice questions; Questions
8. Testing Sensitive Data and Information Disclosure
Sections: Structure; Objectives; Sensitive Data Exposure; Information Disclosure; Exploiting Error Messages; Web Server errors; Application errors; Database errors; Script errors; Stack traces; Exploiting public resources; Analyzing application; Information Disclosure Logs; Conclusion; Multiple choice questions; Answer of multiple choice questions; Questions
9. Testing Secure Data Validation
Sections: Structure; Objectives; Testing an SQL injection; SQL injection in different parts of the query; How to detect SQL injection vulnerabilities?; Fingerprinting the database; Exploiting an SQL injection; Retrieving hidden data; Subverting application logic; Extracting useful data using union attacks; Examining the database; Retrieving data as numbers; Blind SQL injection; By triggering time delays; Using Out-of-Band (OAST) techniques; Bypassing filters; Second-order SQL injection; SQL injection cheat sheet; Testing the NoSQL injection; Testing the XPATH injection; Blind XPath injection; Testing the LDAP injection; Testing the SSI injection; Testing the IMAP/SMTP injection; Finding and exploiting cross-site scripting; Stored cross-site scripting; Finding and exploiting stored XSS; Reflected cross-site scripting; Finding and exploiting Reflected XSS; Bypassing XSS filters; DOM-based cross-site scripting; Finding and exploiting DOM-based XSS; Cross-site scripting contexts; HTML tag attributes; JavaScript; Attributes containing a URL; JavaScript events; <body> tag; <img> tag; <iframe> tag; <input> tag; <link> tag; <table> tag; <div> tag; <object> tag; Impact of XSS; Testing backend HTTP requests; HTTP verb tampering; HTTP parameter injection; HTTP parameter pollution; Testing code injection; Testing LFI/RFI; Local file inclusion vulnerability; Remote file inclusion vulnerability; Testing the OS command injection; Detecting and exploiting blind command injection flaws; Testing the XML injection; Injecting into XML external entities; Exploiting XXE to retrieve files; Exploiting XXE to perform SSRF attacks; Exploiting XXE using modified content type; Blind XXE vulnerabilities; Testing an HTTP header injection; Host header injection; Testing HTTP splitting/smuggling; HTTP splitting; HTTP smuggling; CL.TE vulnerabilities; TE.CL vulnerabilities; TE.CL vulnerabilities; Exploiting the HTTP request smuggling to bypass security controls; Testing the buffer overflow; Stack overflows; Heap overflows; Conclusion; Multiple choice questions; Answers of multiple choice questions; Questions
10. Attacking Application Users: Other Techniques
Sections: Structure; Objectives; Cross-Site Request Forgery Attack; Server-Side Template Injection; Constructing a Server-Side Template Injection; DOM-based vulnerabilities; DOM-based cookie manipulation; DOM-based document domain manipulation; DOM-Based Local File-Path Manipulation; Web cache poisoning; Web Cache Poisoning using Host Header Injection; Invalid redirects and forwards; Clickjacking; Insecure file upload and download areas; Bypassing same-origin policy; XSS Circumvent SOP; Bypass SOP in Java; Bypass SOP in Adobe Flash; Bypass SOP in Silverlight; Cross-Origin Resource Sharing; Access-Control-Allow-Origin; Access-Control-Allow-Credentials; Vulnerabilities in CORS implementation; Insecure deserialization; Conclusion; Multiple choice question; Answers of multiple choice questions; Questions
11. Testing Configuration and Deployment
Sections: Structure; Objectives; Testing HTTP methods; Testing HTTP Strict Transport Security; Testing RIA Cross Domain Policy; Vulnerable server configuration; Testing application platform configuration; Port scanning; Ping scan; TCP SYN scan; TCP Connect scan; UDP scan; FIN scan; X-MAS scan; Web application firewalls; Client-side testing; JavaScript execution; HTML injection; WebSockets; Conclusion; Multiple choice questions; Answer of multiple-choice questions; Questions
12. Automating Security Attacks
Sections: Structure; Objective; Why automated attacks?; Enumerating information identifiers; Harvesting useful data; Web application security scanners; SQLmap; Nikto; Fuzzing; DirBuster; DevSecOps using an automated approach; Automation barriers; Conclusion; Multiple choice questions; Answers of multiple choice questions; Questions
13. Penetration Testing Tools
Sections: Structure; Objectives; Nmap; Ping sweep; TCP stealth scan; TCP connect scan; UDP scan; Host scan; FIN, Null, X-MAS Tree scans; IP protocol scan; ACK scan; Window scan; Version detection; OS detection; Aggressive scan; Port options; Timing options; Logging options; Idle scan; Wireshark; Burp Suite; Burp Spider; Burp repeater; Burp scanner; Burp intruder; Burp sequencer; Burp decoder; Burp comparer; Conclusion; Multiple choice questions; Answers of multiple choice questions; Questions
14. Static Code Analysis
Sections: Structure; Objectives; Static Code Analysis; Security Code Review Checklist; Cross-site Scripting; SQL Injection; Path Traversal; Use of hardcoded password; Buffer overflow; Useful comments; Different technology platforms; Java; ASP.NET; PHP; Tools for code review; SonarQube; Checkmarx; Fortify Static Code Analyzer; Conclusion; Multiple choice questions; Answer of multiple-choice questions; Questions
15. Mitigations and Core Defense Mechanisms
Sections: Structure; Objectives; Securing Authentication; Strong user credentials; Handling user credentials securely; Brute force protection; Prevent unauthorized password change; Check verification logic; Implement appropriate multi-factor authentication; Securing session management; Strong session identifiers or token generation; Protection of session identifiers or tokens; Securing cookie attributes; Session data storage; Preventing session fixation; Securing access controls; Securing client-side data; Securing Injection Flaws; Preventing SQL injection; Preventing NoSQL injection; Preventing XPath injection; Preventing LDAP injection; Preventing SMTP injection; Preventing code injection; Preventing OS command injection; Preventing XML injection; Securing input validation flaws; Preventing cross-site request forgery attack; Synchronizer tokens; Encryption-based tokens (stateless); HMAC-based tokens; SameSite cookie attribute; Double submit cookie (stateless); Preventing web cache poisoning; Preventing redirection vulnerabilities; Preventing clickjacking attack; X-Frame options; Content security policy; Framebusting; Preventing insecure upload areas; Preventing CORS-based attacks; Preventing HTTP smuggling; Securing XSS attacks; Preventing stored and reflected XSS; Encoding data; Validating input; Content security policy; HTTPONLY cookie flag; Preventing DOM-based XSS; Securing information disclosure; Conclusion; Multiple choice questions; Answer of multiple choice questions; Questions
Index