Updated: 2021-06-11 13:39:21
Cover
Copyright page
Why subscribe?
Packt.com
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Chapter 1. Introduction to Attacking Web Applications
Rules of engagement
The tester's toolkit
The attack proxy
Cloud infrastructure
Resources
Exercises
Summary
Chapter 2. Efficient Discovery
Types of assessments
Target mapping
Efficient brute-forcing
Polyglot payloads
Chapter 3. Low-Hanging Fruit
Network assessment
A better way to shell
Cleaning up
Chapter 4. Advanced Brute-forcing
Password spraying
Behind seven proxies
Chapter 5. File Inclusion Attacks
RFI
LFI
File inclusion to remote code execution
More file upload issues
Chapter 6. Out-of-Band Exploitation
A common scenario
Command and control
Let’s Encrypt Communication
INet simulation
The confirmation
Async data exfiltration
Data inference
Chapter 7. Automated Testing
Extending Burp
Obfuscating code
Burp Collaborator
Chapter 8. Bad Serialization
Abusing deserialization
Attacking custom protocols
Chapter 9. Practical Client-Side Attacks
SOP
Cross-origin resource sharing
XSS
CSRF
BeEF
Chapter 10. Practical Server-Side Attacks
Internal and external references
XXE attacks
Chapter 11. Attacking APIs
API communication protocols
API authentication
Postman
Attack considerations
Chapter 12. Attacking CMS
Application assessment
Backdooring the code
Chapter 13. Breaking Containers
Vulnerable Docker scenario
Foothold
Situational awareness
Container breakout
Leave a review - let other readers know what you think
Index