Offensive Security Using Python A Hands-On Guide to Offensive Tactics and Threat Mitigation Using Practical Strategies
Unlock Python's hacking potential and discover the art of exploiting vulnerabilities in the world of offensive cybersecurity Key Features Get in-depth knowledge of Python's role in offensive security, from fundamentals through to advanced techniques Discover the realm of cybersecurity with...
Otros Autores: | , , |
---|---|
Formato: | Libro electrónico |
Idioma: | Inglés |
Publicado: |
Birmingham, England :
Packt Publishing
[2024]
|
Edición: | First edition |
Materias: | |
Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009853424306719 |
Tabla de Contenidos:
- Cover
- Title page
- Copyright and credits
- Dedication
- Foreword
- Contributors
- Table of Contents
- Preface
- Part 1: Python for Offensive Security
- Chapter 1: Introducing Offensive Security and Python
- Understanding the offensive security landscape
- Defining offensive security
- The origins and evolution of offensive security
- Use cases and examples of offensive security
- Industry relevance and best practices
- The role of Python in offensive operations
- Key cybersecurity tasks that are viable with Python
- Python's edge in cybersecurity
- The limitations of using Python
- Ethical hacking and legal considerations
- The key protocols of ethical hacking
- Ethical hacking's legal aspects
- Exploring offensive security methodologies
- Significance of offensive security
- The offensive security lifecycle
- Offensive security frameworks
- Setting up a Python environment for offensive tasks
- Setting up Python on Linux
- Setting up Python on macOS
- Setting up Python on Windows
- Exploring Python modules for penetration testing
- Essential Python libraries for penetration testing
- Case study - Python in the real world
- Scenario 1 - real-time web application security testing
- Scenario 2 - network intrusion detection
- Summary
- Chapter 2: Python for Security Professionals - Beyond the Basics
- Utilizing essential security libraries
- Harnessing advanced Python techniques for security
- Compiling a Python library
- Advanced Python features
- Decorators
- Generators
- Summary
- Activity
- Part 2: Python in Offensive Web Security
- Chapter 3: An Introduction to Web Security with Python
- Fundamentals of web security
- Python tools for a web vulnerability assessment
- Wapiti
- MITMProxy
- SQLMap
- Exploring web attack surfaces with Python
- HTTP header analysis
- HTML analysis.
- JavaScript analysis
- Specialized web technology fingerprinting libraries
- Proactive web security measures with Python
- Input validation and data sanitization
- Secure authentication and authorization
- Secure session management
- Secure coding practices
- Implementing security headers
- Summary
- Chapter 4: Exploiting Web Vulnerabilities Using Python
- Web application vulnerabilities - an overview
- SQL injection
- XSS
- IDOR
- A case study concerning web application security
- SQL injection attacks and Python exploitation
- Features of SQLMap
- How SQLMap works
- Basic usage of SQLMap
- Intercepting with MITMProxy
- XSS exploitation with Python
- Understanding how XSS works
- Reflected XSS (non-persistent)
- Stored XSS (persistent)
- Python for data breaches and privacy exploitation
- XPath
- CSS Selectors
- Summary
- Chapter 5: Cloud Espionage - Python for Cloud Offensive Security
- Cloud security fundamentals
- Shared Responsibility Model
- Cloud deployment models and security implications
- Encryption, access controls, and IdM
- Security measures offered by major cloud providers
- Access control in cloud environments
- Impact of malicious activities
- Python-based cloud data extraction and analysis
- Risks of hardcoded sensitive data and detecting hardcoded access keys
- Enumerating EC2 instances using Python (boto3)
- Exploiting misconfigurations in cloud environments
- Types of misconfigurations
- Identifying misconfigurations
- Exploring Prowler's functionality
- Enhancing security, Python in serverless, and infrastructure as code (IaC)
- Introducing serverless computing
- Introduction to IaC
- Summary
- Part 3: Python Automation for Advanced Security Tasks
- Chapter 6: Building Automated Security Pipelines with Python Using Third-Party Tools.
- The art of security automation - fundamentals and benefits
- The benefits of cybersecurity automation
- Functions of cybersecurity automation
- Cybersecurity automation best practices
- What is an API?
- Designing end-to-end security pipelines with Python
- Integrating third-party tools for enhanced functionality
- Why automate ZAP with Python?
- Setting up the ZAP automation environment
- Automating ZAP with Python
- CI/CD - what is it and why is it important for security automation?
- Integrating Beagle Security into our security pipeline
- Automating testing with Python
- Ensuring reliability and resilience in automated workflows
- Robust error-handling mechanisms
- Implementing retry logic
- Building idempotent operations
- Automated testing and validation
- Documentation and knowledge sharing
- Security and access control
- Implementing a logger for security pipelines
- Summary
- Chapter 7: Creating Custom Security Automation Tools with Python
- Designing and developing tailored security automation tools
- Integrating external data sources and APIs for enhanced functionality
- Extending tool capabilities with Python libraries and frameworks
- pandas
- scikit-learn
- Summary
- Part 4: Python Defense Strategies for Robust Security
- Chapter 8: Secure Coding Practices with Python
- Understanding secure coding fundamentals
- Principles of secure coding
- Common security vulnerabilities
- Input validation and sanitization with Python
- Input validation
- Input sanitization
- Preventing code injection and execution attacks
- Preventing SQL injection
- Preventing command injection
- Data encryption and Python security libraries
- Symmetric encryption
- Asymmetric encryption
- Hashing
- Secure deployment strategies for Python applications
- Environment configuration
- Dependency management.
- Secure server configuration
- Logging and monitoring
- Summary
- Chapter 9: Python-Based Threat Detection and Incident Response
- Building effective threat detection mechanisms
- Signature-based detection
- Anomaly detection
- Behavioral analysis
- Threat intelligence integration
- Real-time log analysis and anomaly detection with Python
- Preprocessing
- Real-time analysis with the ELK stack
- Anomaly detection techniques
- Visualizing anomalies
- Automating incident response with Python Scripts
- Leveraging Python for threat hunting and analysis
- Data collection and aggregation
- Data analysis techniques
- Automating threat hunting tasks
- Orchestrating comprehensive incident response using Python
- Designing an incident response workflow
- Integrating detection and response systems
- Logging and reporting
- Generating incident reports
- Summary
- Index
- Other Books You May Enjoy
- OLE_LINK12
- _Int_bkaDCfSC
- OLE_LINK13
- OLE_LINK3
- _Hlk146361481
- _Int_TcZpD8On
- _Int_F5jmih3p
- _Int_QRiFO5rm
- _Int_EeLSKsJo
- OLE_LINK15
- _Int_CMmsNieF
- OLE_LINK5
- OLE_LINK19
- _Int_De8SG51G
- _Int_zyPgFiYb
- _Int_ErvWzO6T
- OLE_LINK6
- _Int_i2MxAwh1
- _Int_tmeiWyXB
- OLE_LINK1
- OLE_LINK7
- OLE_LINK8
- _Int_NkemBQkB
- OLE_LINK9
- _Int_SUhNg4cX
- _Int_ihCOgYLS
- _Int_EIMHEe17
- OLE_LINK10
- OLE_LINK11
- _Int_CLZZ4qbT
- _Int_KAbAoGkA
- OLE_LINK4
- _Int_CfykNbIp
- _Int_l6kKGEco
- _Int_cwdZsoDx
- _Int_RURzu0cR
- _Int_DDjf41hP
- _Int_GUdYD5p0
- _Int_HNQAi43i
- _Int_8z14TaFM
- _Int_7rws3Prb
- _Int_U2ROHeyI
- _Int_v2Bnx9Zu
- _Int_Y6AUOImv
- _Int_zZCVk2LQ
- _Int_jjfdujnv
- _Int_Oy3EXG5v
- _Int_iosPgCJs
- _Int_TFTthTz9
- _Int_yv8z2zkM
- _Int_TtWJJ0jo
- _Int_IyHm77B2
- _Int_tX888CIx
- _Int_hosKM9dB
- _Int_PP9v1NaY
- _Int_p1IDq81l
- _Int_1h0GA0oa
- _Int_4jzLrzWm
- _Int_zuD23Gdr.
- _Int_yrbDRWGx
- _Int_mvWxOBgk
- _Int_e1ynDwng
- _Int_E5WPbRvd
- _Int_ik07RnQT
- _Int_uixqLP4p
- _Int_MQCIDSbu
- _Int_vW101Fs3
- _Int_MECdmoIg
- _Int_il1DBMWc
- _Int_im4ch9Qs
- _Int_KjAnUAkS
- _Int_RQnK0GqL
- _Int_MqK5ubgh
- _Int_pcKZkOxh
- _Int_nVxBbOCf
- _Int_OhycVcV5
- _Int_MdzmHSAR
- _Int_WMRKuNSs
- _Int_CbYOG8Xf
- _Int_rMoP6Y4c
- _Int_ryKbdLPF
- _Int_q4kK1Ige
- _Int_uNRm8pdn
- _Int_qQYLWHFL
- _Int_g6u1uoJ1
- OLE_LINK6
- _Int_plBgvcrr
- _Int_EBC0KAuq
- _Int_UwUd5a5S
- _Int_OURbvCOX
- _Int_SGc11RZW
- _Int_0luoJlVa
- _Int_ytaf4YEa
- _Int_DyeYW99t
- _Int_X7oA6gKG
- _Int_91RIYQKN
- _Int_1sbY7MpC
- _Int_SUH43hNk
- _Int_dk4CsUJz
- _Int_zOmEaDJc
- OLE_LINK14
- OLE_LINK16
- OLE_LINK17
- _Int_iOPc4I79
- _Int_vObvpBwX
- _Int_Sh0PvUCQ
- _Int_FkbdxX9t
- _Int_xqObit9S
- OLE_LINK19
- _Hlk149855058
- _Int_W5E01Lay
- _Int_9YpkIXGW
- _Int_k3fsPxvI
- _Int_D56ZjsqT
- _Int_Q5LrUWR3
- _Int_bkaDCfSC
- _Int_2yOM05By
- _Int_rNsi5wbp
- _Int_KyRSlOuT
- _Int_P00FIjSH
- _Int_CencMsfh
- _Int_3lslfkJe
- _Int_7oSSbBgT
- OLE_LINK22
- _Int_0M403O60
- _Int_GmK1TWt6
- _Int_6DkODWnF
- _Int_1A9bfKrt
- _Int_SkAVqdcG
- OLE_LINK9
- _Hlk151532699
- OLE_LINK10
- OLE_LINK5
- OLE_LINK11
- _Hlk151709071
- OLE_LINK8
- _Hlk154054230
- OLE_LINK12
- OLE_LINK13
- OLE_LINK15
- OLE_LINK17
- __codelineno-0-1
- OLE_LINK18
- _Hlk154408967
- OLE_LINK1
- OLE_LINK2
- OLE_LINK3
- OLE_LINK4
- OLE_LINK5
- OLE_LINK7
- _Hlk162119449
- OLE_LINK10
- OLE_LINK12
- OLE_LINK11
- OLE_LINK1
- OLE_LINK4
- OLE_LINK7
- _Hlk162119449
- OLE_LINK10
- OLE_LINK12
- OLE_LINK11
- _Hlk162122907
- OLE_LINK9
- OLE_LINK1
- OLE_LINK18
- OLE_LINK19
- OLE_LINK21
- OLE_LINK22
- OLE_LINK23
- OLE_LINK24
- OLE_LINK20
- OLE_LINK29
- _Hlk167132856
- OLE_LINK25
- _Hlk167133000
- _Hlk167133017
- OLE_LINK26
- OLE_LINK27.
- OLE_LINK28.