Attacking and exploiting modern web applications: discover the mindset, techniques, and tools to perform modern web attacks and exploitation
Master the art of web exploitation with real-world techniques on SAML, WordPress, IoT, ElectronJS, and Ethereum smart contracts. Purchase of the print or Kindle book includes a free PDF eBook. Key Features: Learn how to detect vulnerabilities using source code, dynamic analysis, and decompiling binaries. F...
Other Authors: | , , |
---|---|
Format: | E-book |
Language: | English |
Published: | Birmingham, England : Packt Publishing Ltd [2023] |
Edition: | 1st ed |
Subjects: | |
View at Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009764839206719 |
Table of Contents:
- Cover
- Title Page
- Copyright and Credits
- Dedication
- Foreword
- Contributors
- Table of Contents
- Part 1: Attack Preparation
- Chapter 1: Mindset and Methodologies
- Approach and mindset
- The approach
- The process
- The testing techniques
- The baseline competencies
- The mindset
- Methodologies and frameworks
- NIST SP 800-115
- Penetration Testing Execution Standard (PTES)
- OWASP's WSTG
- ISECOM's OSSTMM
- The recipe
- Summary
- Further reading
- Chapter 2: Toolset for Web Attacks and Exploitation
- Technical requirements
- Operating systems and the tools of the trade
- Operating system
- Linux
- Windows
- macOS
- Browser
- Interception proxy
- Python for automating web tasks
- Virtualization and containerization systems
- VirtualBox
- Docker
- Summary
- Further reading
- Part 2: Evergreen Attacks
- Chapter 3: Attacking the Authentication Layer - a SAML Use Case
- Technical requirements
- Scenario files
- The Doors of Durin SAML login scenario
- How does SAML work and what are its vulnerabilities?
- What is SAML?
- Vulnerabilities on SAML
- Other authentication methods used with HTTP
- How to discover and exploit vulnerabilities in SAML
- Installing SAML Raider
- Verifying the typical flow - the happy case
- Verifying whether it is possible to send information without signature
- Verifying whether it is possible to use a self-signed certificate
- Verifying whether it is possible to use XML Signature Wrapping (XSW)
- Other attacks and vulnerabilities on SAML
- Summary
- Further reading
- Chapter 4: Attacking Internet-Facing Web Applications - SQL Injection and Cross-Site Scripting (XSS) on WordPress
- Technical requirements
- Scenario files
- WordPress scenario introduction
- How does SQL injection work?
- SQL injection types
- SQL injection techniques
- SQL injection impact
- Other injection vulnerabilities
- How to discover and exploit SQL injection vulnerabilities
- Information gathering and threat modeling
- Starting with Static Analysis
- Finding interesting files
- Analyzing interesting files
- Moving to dynamic analysis
- Finding the dynamic request
- Analyzing the context
- Verifying the SQL injection
- Exploiting the SQL injection
- Writing the exploit with Python
- Other attacks and vulnerabilities on internet-facing web applications
- The bonus XSS
- Summary
- Further reading
- Chapter 5: Attacking IoT Devices - Command Injection and Path Traversal
- Technical requirements
- Physical device
- Scenario files
- IoT router exploitation scenario introduction
- How to analyze IoT devices
- IoT device analysis
- Analyzing industrial control system devices
- How to find and exploit vulnerabilities in IoT devices
- Basic physical analysis
- Firmware analysis
- Web Application Analysis
- Summary
- Further reading
- Part 3: Novel Attacks
- Chapter 6: Attacking Electron JavaScript Applications - from Cross-Site Scripting (XSS) to Remote Command Execution (RCE)
- Technical requirements
- Scenario files
- Electron JavaScript applications scenario introduction
- How Electron JavaScript applications and XSS work
- Understanding an Electron JavaScript application's structure
- Common vulnerabilities in Electron applications
- How does XSS work?
- How to find and exploit XSS in Electron JavaScript applications to obtain RCE
- Downloading the source code and running the application
- Extracting an Electron packaged application
- Instrumenting our Electron JavaScript application
- Looking into previous research
- Starting the dynamic analysis process
- Debugging the application
- Analyzing the storage file to locate a potentially stored XSS
- Analyzing the code to understand the neutralization function
- Confirming the vulnerabilities dynamically
- Weaponizing the XSS into an RCE
- Other XSS sinks that we found
- Other vulnerabilities
- Summary
- Further reading
- Chapter 7: Attacking Ethereum Smart Contracts - Reentrancy, Weak Sources of Randomness, and Business Logic
- Technical requirements
- Scenario files
- LicenseManager smart contract scenario
- How smart contracts work on the Ethereum blockchain and security considerations
- What are smart contracts in the Ethereum blockchain?
- Ethereum blockchain and security
- How to find and exploit vulnerabilities in Ethereum smart contracts
- Installing Foundry
- Auditing the LicenseManager smart contract
- Analyzing the source code of the winLicense function
- Compiling with "forge build" and analyzing the artifacts
- Decompiling and disassembling the smart contract's bytecode
- Dynamic analysis with "forge test"
- Exploiting weak sources of randomness from chain attributes
- Exploiting business logic vulnerabilities
- Exploiting reentrancy and analyzing the traces
- Other vulnerabilities
- Unleashing the power of Foundry and other tools
- Summary
- Further reading
- Chapter 8: Continuing the Journey of Vulnerability Discovery
- An approach to discovering vulnerabilities
- Understanding what you are doing
- Getting into the flow
- The fellowship of the exploit
- The dilemma of disclosing vulnerabilities
- What we did while writing the book
- Different perspectives
- Disclosure for Chief Information Security Officers (CISOs)
- Vulnerability disclosure today
- What's next?
- Summary
- Further reading
- Index
- Other Books You May Enjoy