Bug Bounty Hunting for Web Security: Find and Exploit Vulnerabilities in Web sites and Applications
Start with the basics of bug hunting and learn more about implementing an offensive approach by finding vulnerabilities in web applications. Getting an introduction to Kali Linux, you will take a close look at the types of tools available to you and move on to set up your virtual lab. You will then discover how request forgery injection works on web pages and applications in a mission-critical setup. Moving on to the most challenging task for any web application, you will take a look at how cross-site scripting works and find out about effective ways to exploit it.

You will then learn about header injection and URL redirection along with key tips to find vulnerabilities in them. Keeping in mind how attackers can deface your website, you will work with malicious files and automate your approach to defend against these attacks. Moving on to Sender Policy Framework (SPF), you will see tips to find vulnerabilities in it and exploit them. Following this, you will get to know how unintended XML injection and command injection work to keep attackers at bay. Finally, you will examine different attack vectors used to exploit HTML and SQL injection. Overall, Bug Bounty Hunting for Web Security will help you become a better penetration tester and at the same time it will teach you how to earn bounty by hunting bugs in web applications.

What You Will Learn



• Implement an offensive approach to bug hunting
• Create and manage request forgery on web pages
• Poison Sender Policy Framework and exploit it
• Defend against cross-site scripting (XSS) attacks
• Inject headers and test URL redirection
• Work with malicious files and command injection
• Resist strongly unintended XML attacks

Who This Book Is For

White-hat hacking enthusiasts who are new to bug hunting and are interested in understanding the core concepts.

by Sanjib Sinha

Paperback(1st ed.)

$54.99 

Product Details

ISBN-13: 9781484253908
Publisher: Apress
Publication date: 11/13/2019
Edition description: 1st ed.
Pages: 225
Product dimensions: 6.10(w) x 9.25(h) x (d)

About the Author

Sanjib Sinha is an author and tech writer. Being a certified .NET Windows and web developer, he has specialized in Python security programming, Linux, and many programming languages that include C#, PHP, Python, Dart, Java, and JavaScript. Sanjib has also won Microsoft's Community Contributor Award in 2011 and he has written Beginning Ethical Hacking with Python, Beginning Ethical Hacking with Kali Linux, and two editions of Beginning Laravel for Apress.

Table of Contents

Chapter 1: Let the Hunt Begin!
Chapter Goal: This chapter will showcase how to implement an offensive approach to hunting bugs and what types of tools are required.
No of pages: 10

Sub - Topics:
1. Why hunt bugs?
2. Introducing Burp Suite
3. Introducing other tools

Chapter 2: Setting up Your Virtual Lab
Chapter Goal: This chapter will guide readers through setting up the virtual labs.
No of pages: 10

Sub - Topics:
1. Why we need Virtual Box
2. Introduction to Kali Linux – the hacker’s operating system
3. What type of tools are available in Kali

Chapter 3: Injecting Request Forgery
Chapter Goal: Readers will learn to create and manage request forgery on any web page.
No of pages: 10

Sub - Topics:
1. What is Request Forgery (CSRF)
2. Mission Critical Injection of CSRF
3. How to discover CSRF on any application

Chapter 4: Cross Site Scripting (XSS) Exploitation
Chapter Goal: This chapter will talk, comprehensively, about one of the most challenging tasks of any web application – to resist Cross Site Scripting or XSS Attacks.
No of pages: 15

Sub - Topics:
1. What is XSS
2. How we can exploit through XSS
3. How we can discover any XSS attack

Chapter 5: Header Injection and URL Redirection
Chapter Goal: This chapter will discuss header injection, cache poisoning, and URL redirection.
No of pages: 15

Sub - Topics:
1. What is header injection and how it is related to URL redirection
2. How Cross Site Scripting is done through Header Injection
3. How to discover that a header has been injected
4. How to find URL redirection vulnerabilities

Chapter 6: Uploading Malicious Files
Chapter Goal: Readers will learn about malicious file uploading and take forward bug bounty hunting.
No of pages: 10

Sub - Topics:
1. How to upload malicious files to own a system
2. What is defacement?
3. How to automate this attack?

Chapter 7: Poisoning Sender Policy Framework (SPF)
Chapter Goal: This chapter will cover basic and advanced techniques to test SPF and exploit it.
No of pages: 10

Sub - Topics:
1. Are there insufficient SPF records
2. How to exploit SPF
3. How to find the vulnerabilities and test them

Chapter 8: Injecting Unintended XML
Chapter Goal: Readers will learn about injecting unintended XML into any application.
No of pages: 10

Sub - Topics:
1. What is XML injection
2. How to perform XML injection in Virtual Lab
3. How to fetch System Configuration Files

Chapter 9: Command Injection
Chapter Goal: Readers will learn how an operating system falls prey to injected commands and how attackers feed on those vulnerabilities.
No of pages: 10

Sub - Topics:
1. What is command injection
2. How to inject malicious commands
3. How to exploit command injection

Chapter 10: Exploiting HTML and SQL Injection
Chapter Goal: This chapter will teach readers the different attack vectors used to exploit HTML and SQL injection.
No of pages: 20

Sub - Topics:
1. What are HTML and SQL injection
2. How to find and exploit HTML injection
3. What are header- and cookie-based SQL injection
4. How to bypass authentication by SQLI
5. How to automate SQLI

Appendix: Further Reading
Chapter Goal: This section will show readers additional new features of bug hunting and how to exploit them.
No of pages: 10

Sub - Topics:
1. What tools can be used alongside Burp Suite
2. How source code disclosure helps information gathering
3. What could be the next challenges to hunt bugs