Overview

Full Product Details

Author: Ali Abdollahi
Publisher: John Wiley & Sons Inc
Imprint: John Wiley & Sons Inc
Dimensions: Width 18.50 cm, Height 2.30 cm, Length 23.40 cm
Weight: 0.499 kg
ISBN-13: 9781394295593
ISBN-10: 1394295596
Pages: 352
Publication Date: 11 February 2025
Audience: Professional and scholarly; Professional & Vocational
Format: Paperback
Publisher's Status: Active
Availability: Available To Order. We have confirmation that this item is in stock with the supplier. It will be ordered in for you and dispatched immediately.
Countries Available: All regions

Table of Contents

Foreword xvii
Introduction xix

Chapter 1 Introduction to Web Application Penetration Testing 1
    The Importance of Web Application Security 3
    Overview of Web Application Penetration Testing 6
    The Penetration Testing Process 8
    Methodologies 12
    Tools and Techniques 14
    Reporting 16
    Types of Web Application Vulnerabilities 17
    Key Takeaways 25

Chapter 2 Setting Up Your Penetration Testing Environment 27
    Setting Up Virtual Machines 28
    Container Option 29
    Kali Linux Installation 30
    PentestBox 34
    Installing DVWA 35
    OWASP Juice Shop 40
    Burp Suite 41
    OWASP Zed Attack Proxy 46
    WILEY Preconfigured Environment 49
    Key Takeaways 49

Chapter 3 Reconnaissance and Information Gathering 51
    Passive Information Gathering 52
    Automating Subdomain Enumeration 61
    Active Information Gathering 64
    Open-Source Intelligence Gathering 77
    Key Takeaways 88

Chapter 4 Cross-Site Scripting 89
    XSS Categories 90
    Reflected XSS 91
    Stored XSS 93
    Automatic User Session Hijacking 94
    Website Defacement Using XSS 96
    DOM-Based XSS 97
    Self-XSS 98
    Browser Exploitation Framework 100
    XSS Payloads and Bypasses 102
    XSS Mitigation Techniques 105
    Reflected XSS Bypass Techniques 107
    Stored XSS Bypass Technique 110
    Key Takeaways 112

Chapter 5 SQL Injection 113
    What Is SQL Injection? 113
    Types of SQL Injection 114
    Error-Based SQL Injection 117
    Union-Based SQL Injection 117
    Blind SQL Injection 123
    SQLMap 126
    SQL Injection Payloads with ChatGPT 140
    SQL Injection Prevention 142
    Key Takeaways 145

Chapter 6 Cross-Site Request Forgery 147
    Hunting CSRF Vulnerability 149
    CSRF Exploitation 149
    XSS and CSRF 151
    Clickjacking 152
    Generating an Effective Proof of Concept Using ChatGPT 154
    Tips for Developers 157
    Key Takeaways 158

Chapter 7 Server-Side Attacks and Open Redirects 159
    Server-Side Request Forgery 159
    SSRF in Action 160
    SSRF Vulnerability 162
    Blind SSRF 164
    Local File Inclusion 166
    Remote File Inclusion 170
    Open Redirect 173
    Server-Side Attacks Differences 177
    Security Mitigations 178
    Key Takeaways 181

Chapter 8 XML-Based Attacks 183
    XML Fundamentals 183
    XXE Exploitation 185
    Hunting XML Entry Points 187
    SSRF Using XXE 192
    DoS Using XXE 193
    XXE Payload and Exploitation with ChatGPT 195
    XML-Based Attacks Countermeasures 196
    Key Takeaways 198

Chapter 9 Authentication and Authorization 201
    Password Cracking and Brute-Force Attacks 205
    Credential Stuffing Attack 211
    Password Spraying 213
    Password Spraying Using Burp Suite Intruder 214
    Other Automated Tools for Password Attacks 215
    JSON Web Token 223
    Key Takeaways 225

Chapter 10 API Attacks 227
    OWASP API Top 10 228
    API Enumeration and Discovery 230
    API Discovery Using ChatGPT 231
    API Broken Object-Level Authorization Exploitation 235
    Rate Limiting 240
    API Penetration Testing Tools 242
    API Security Tips 244
    Key Takeaways 245

Appendix A Best Practices and Standards 247
    Information Gathering 248
    Configuration and Deployment Management Testing 251
    Identity Management Testing 254
    Authentication Testing 256
    Authorization Testing 261
    Session Management Testing 265
    Input Validation Testing 273
    Testing for Error Handling 285
    Testing for Weak Cryptography 286
    Business Logic Testing 290
    Client-Side Testing 297

Appendix B CWE and CVSS Score 307
    Base Score 308
    Temporal Score 308
    Environmental Score 309

Appendix C Writing Effective and Comprehensive Penetration Testing Reports 311
    Table of Contents (ToC) 311
    Project History and Timeline 311
    Scope 312
    Testing Approach 312
    Executive Summary 312
    Industry Standard 312
    Findings Table 312
    Findings Details 313
    Key Takeaways 315

Index 317

Author Information

ALI ABDOLLAHI is a cybersecurity researcher with over 12 years of experience. Currently, he is the application and offensive security manager at Canon EMEA. He studied computer engineering, has published articles, and holds several professional certificates. Ali is a Microsoft MVP and a regular speaker and trainer at industry conferences and events.