Free Delivery Over $100
|
|
|||
|
||||
OverviewUses real-world bug reports (vulnerabilities in software or in this case web applications) to teach programmers and InfoSec professionals how to discover and protect vulnerabilities in web applications. Real-World Web Hacking is a field guide to finding software bugs. Ethical hacker Peter Yaworski breaks down common types of bugs, then contextualizes them with real bug bounty reports released by hackers on companies like Twitter, Facebook, Google, Uber, and Starbucks. As you read each report, you'll gain deeper insight into how the vulnerabilities work and how you might find similar ones. Each chapter begins with an explanation of a vulnerability type, then moves into a series of real bug bounty reports that show how the bugs were found. You'll learn things like how Cross-Site Request Forgery tricks users into unknowingly submitting information to websites they are logged into; how to pass along unsafe JavaScript to execute Cross-Site Scripting; how to access another user's data via Insecure Direct Object References; how to trick websites into disclosing information with Server Side Request Forgeries; and how bugs in application logic can lead to pretty serious vulnerabilities. Yaworski also shares advice on how to write effective vulnerability reports and develop relationships with bug bounty programs, as well as recommends hacking tools that can make the job a little easier. Full Product DetailsAuthor: Peter YaworskiPublisher: No Starch Press,US Imprint: No Starch Press,US Weight: 0.523kg ISBN: 9781593278618ISBN 10: 1593278616 Pages: 264 Publication Date: 09 July 2019 Audience: General/trade , General Format: Paperback Publisher's Status: Active Availability: To order  Stock availability from the supplier is unknown. We will order it for you and ship this item to you once it is received by us. Table of ContentsReviewsI am quite sure that [this book is] going to be one of the most recommended books for web app pen-testing. If it is not already. -Sudo Realm A brilliant resource for anyone who aspires to be a professional bug hunter. -Dana Epp, Security Boulevard """I am quite sure that [this book is] going to be one of the most recommended books for web app pen-testing. If it is not already."" —Sudo Realm ""A brilliant resource for anyone who aspires to be a professional bug hunter."" —Dana Epp, Security Boulevard" Author InformationPeter Yaworski is a self-taught developer and ethical hacker who began building websites exclusively with Drupal. Since then, he has expanded his interest to Rails, Android app development, and software security, while producing over 100 video tutorials and interviews on YouTube covering ethical hacking, web development, and Android to help teach others what he's learned. Peter continues to be an active bug bounty participant with thanks from Shopify, HackerOne, Salesforce, Twitter, Starbucks and the US Department of Defense among others. Tab Content 6Author Website:Countries AvailableAll regions |
||||
