How to Attack and Defend Your Website
Henry Dalziel
AMSTERDAM • BOSTON • HEIDELBERG
LONDON • NEW YORK • OXFORD • PARIS
SAN DIEGO • SAN FRANCISCO
SINGAPORE • SYDNEY • TOKYO
Syngress is an Imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA
Copyright © 2015 Elsevier Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website:
www.elsevier.com/permissions.
This book and the individual contributions contained in it are protected under copyright by the
Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library
Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress
ISBN: 978-0-12-802732-5
For information on all Syngress publications
visit our website at
http://store.elsevier.com/
AUTHOR BIOGRAPHY
Henry Dalziel is a serial education entrepreneur, founder of Concise Ac Ltd, online cybersecurity blogger, and e-book author. He writes for the blog “Concise-Courses.com” and has developed numerous cybersecurity continuing education courses and books. Concise Ac Ltd develops and distributes continuing education content (books and courses) for cybersecurity professionals seeking skill enhancement and career advancement. The company was recently accepted onto the UK Trade & Investment’s (UKTI) Global Entrepreneur Programme (GEP).
CONTRIBUTING EDITOR BIOGRAPHY
Alejandro Caceres is the founder of Hyperion Gray, LLC, a web-security and big-data R&D company. He is also the creator of the PunkSPIDER project, an open-source web-app-vulnerability scanner and repository of vulnerabilities found on the open web. Alejandro has spoken at several major security conferences (DEF CON, ShmooCon, AppSec) and enjoys making web-app hacking principles more accessible to web developers so that they can design and build more secure applications.
INTRODUCTION
When you are trying to build a secure website or web application, it helps
to see the problem through the eyes of the adversary, to understand the
weaknesses that can be used to attack a website. Therefore, the goal
of this book is to teach you how to hack websites. Through hands-on
exercises we will show you several of the most common weaknesses and
how they can be exploited by an attacker – in this case, you. After you
learn this, you will be better prepared to protect your own, your clients’
or your employer’s websites from these types of attacks.
We will start by learning the basic web technology stack, and then we will delve a little deeper and talk about the HTTP protocol. Central to this book is being able to understand the technologies so that we can make them do exactly what we want, instead of what the developer intended, and that in itself is a good definition of “web application hacking.” The next step is to learn what tools to use for web app hacking and how to set up those tools [1]. After that, the fun begins – exploitation and learning how to break web applications.
To finish up, we will talk about finding vulnerabilities in websites,
which will again help you see from the adversary’s perspective how they
look for weaknesses to exploit.
[1] Please download “Getting Your Hacking Lab Set Up” at: http://www.concise-courses.com/learn/web-application-security/setup/