E-book: Real-World Bug Hunting

  • Format: EPUB+DRM
  • Publication date: 09-Jul-2019
  • Publisher: No Starch Press, US
  • Language: eng
  • ISBN-13: 9781593278625
  • Price: 36.04 €*
  • * the price is final, i.e. no further discounts apply
  • This e-book is intended for personal use only. E-books cannot be returned.

DRM restrictions

  • Copying (copy/paste):

    not allowed

  • Printing:

    not allowed

  • Usage:

    Digital rights management (DRM)
    The publisher has issued this e-book in encrypted form, which means that you must install special software to read it. You must also create an Adobe ID. The e-book can be read by 1 user and downloaded to up to 6 devices (all authorised with the same Adobe ID).

    Required software
    To read on mobile devices (phone or tablet) you must install this free app: PocketBook Reader (iOS / Android)

    To read on a PC or Mac you must install Adobe Digital Editions (this is a free application made specifically for reading e-books; do not confuse it with Adobe Reader, which is probably already installed on your computer).

    This e-book cannot be read on an Amazon Kindle.

Uses real-world bug reports (vulnerabilities in software, or in this case web applications) to teach programmers and InfoSec professionals how to discover and protect against vulnerabilities in web applications.

Real-World Bug Hunting is a field guide to finding software bugs. Ethical hacker Peter Yaworski breaks down common types of bugs, then contextualizes them with real bug bounty reports released by hackers on companies like Twitter, Facebook, Google, Uber, and Starbucks. As you read each report, you'll gain deeper insight into how the vulnerabilities work and how you might find similar ones.

Each chapter begins with an explanation of a vulnerability type, then moves into a series of real bug bounty reports that show how the bugs were found. You'll learn things like how Cross-Site Request Forgery tricks users into unknowingly submitting information to websites they are logged into; how to pass along unsafe JavaScript to execute Cross-Site Scripting; how to access another user's data via Insecure Direct Object References; how to trick websites into disclosing information with Server Side Request Forgeries; and how bugs in application logic can lead to pretty serious vulnerabilities. Yaworski also shares advice on how to write effective vulnerability reports and develop relationships with bug bounty programs, as well as recommends hacking tools that can make the job a little easier.

Reviews

"I am quite sure that [this book is] going to be one of the most recommended books for web app pen-testing. If it is not already." Sudo Realm

"A brilliant resource for anyone who aspires to be a professional bug hunter." Dana Epp, Security Boulevard

Other information
Contents

Foreword (Michiel Prins and Jobert Abma) xvii
Acknowledgments xix
Introduction xxi
  • Who Should Read This Book xxii
  • How to Read This Book xxii
  • What's in This Book xxiii
  • A Disclaimer About Hacking xxv
1 Bug Bounty Basics 1
  • Vulnerabilities and Bug Bounties 2
  • Client and Server 2
  • What Happens When You Visit a Website 3
    Step 1: Extracting the Domain Name 3
    Step 2: Resolving an IP Address 3
    Step 3: Establishing a TCP Connection 4
    Step 4: Sending an HTTP Request 4
    Step 5: Server Response 5
    Step 6: Rendering the Response 6
  • HTTP Requests 7
    Request Methods 7
    HTTP Is Stateless 8
  • Summary 9
2 Open Redirect 11
  • How Open Redirects Work 12
  • Shopify Theme Install Open Redirect 13
    Takeaways 14
  • Shopify Login Open Redirect 14
    Takeaways 15
  • HackerOne Interstitial Redirect 15
    Takeaways 16
  • Summary 17
3 HTTP Parameter Pollution 19
  • Server-Side HPP 20
  • Client-Side HPP 22
  • HackerOne Social Sharing Buttons 23
    Takeaways 24
  • Twitter Unsubscribe Notifications 24
    Takeaways 25
  • Twitter Web Intents 25
    Takeaways 27
  • Summary 27
4 Cross-Site Request Forgery 29
  • Authentication 30
  • CSRF with GET Requests 31
  • CSRF with POST Requests 32
  • Defenses Against CSRF Attacks 34
  • Shopify Twitter Disconnect 36
    Takeaways 37
  • Change Users Instacart Zones 37
    Takeaways 38
  • Badoo Full Account Takeover 38
    Takeaways 40
  • Summary 40
5 HTML Injection and Content Spoofing 41
  • Coinbase Comment Injection Through Character Encoding 42
    Takeaways 44
  • HackerOne Unintended HTML Inclusion 44
    Takeaways 46
  • HackerOne Unintended HTML Include Fix Bypass 46
    Takeaways 47
  • Within Security Content Spoofing 47
    Takeaways 47
  • Summary 48
6 Carriage Return Line Feed Injection 49
  • HTTP Request Smuggling 50
  • v.shopify.com Response Splitting 51
    Takeaways 52
  • Twitter HTTP Response Splitting 52
    Takeaways 54
  • Summary 54
7 Cross-Site Scripting 55
  • Types of XSS 58
  • Shopify Wholesale 61
    Takeaways 62
  • Shopify Currency Formatting 62
    Takeaways 63
  • Yahoo! Mail Stored XSS 63
    Takeaways 65
  • Google Image Search 65
    Takeaways 66
  • Google Tag Manager Stored XSS 66
    Takeaways 67
  • United Airlines XSS 67
    Takeaways 70
  • Summary 70
8 Template Injection 71
  • Server-Side Template Injections 72
  • Client-Side Template Injections 72
  • Uber AngularJS Template Injection 73
    Takeaways 74
  • Uber Flask Jinja2 Template Injection 74
    Takeaways 76
  • Rails Dynamic Render 76
    Takeaways 77
  • Unikrn Smarty Template Injection 78
    Takeaways 80
  • Summary 80
9 SQL Injection 81
  • SQL Databases 82
  • Countermeasures Against SQLi 83
  • Yahoo! Sports Blind SQLi 84
    Takeaways 87
  • Uber Blind SQLi 87
    Takeaways 90
  • Drupal SQLi 90
    Takeaways 93
  • Summary 93
10 Server-Side Request Forgery 95
  • Demonstrating the Impact of Server-Side Request Forgery 96
  • Invoking GET vs. POST Requests 97
  • Performing Blind SSRFs 97
  • Attacking Users with SSRF Responses 98
  • ESEA SSRF and Querying AWS Metadata 98
    Takeaways 100
  • Google Internal DNS SSRF 100
    Takeaways 104
  • Internal Port Scanning Using Webhooks 104
    Takeaways 105
  • Summary 105
11 XML External Entity 107
  • Extensible Markup Language 107
  • Document Type Definitions 108
  • XML Entities 110
  • How XXE Attacks Work 111
  • Read Access to Google 112
    Takeaways 112
  • Facebook XXE with Microsoft Word 112
    Takeaways 114
  • Wikiloc XXE 115
    Takeaways 117
  • Summary 117
12 Remote Code Execution 119
  • Executing Shell Commands 119
  • Executing Functions 121
  • Strategies for Escalating Remote Code Execution 122
  • Polyvore ImageMagick 123
    Takeaways 125
  • Algolia RCE on facebooksearch.algolia.com 125
    Takeaways 127
  • RCE Through SSH 127
    Takeaways 128
  • Summary 128
13 Memory Vulnerabilities 129
  • Buffer Overflows 130
  • Read Out of Bounds 133
  • PHP ftp_genlist() Integer Overflow 134
    Takeaways 134
  • Python Hotshot Module 135
    Takeaways 135
  • Libcurl Read Out of Bounds 136
    Takeaways 136
  • Summary 136
14 Subdomain Takeover 139
  • Understanding Domain Names 139
  • How Subdomain Takeovers Work 140
  • Ubiquiti Subdomain Takeover 141
    Takeaways 142
  • Scan.me Pointing to Zendesk 142
    Takeaways 142
  • Shopify Windsor Subdomain Takeover 142
    Takeaways 143
  • Snapchat Fastly Takeover 143
    Takeaways 144
  • Legal Robot Takeover 144
    Takeaways 145
  • Uber SendGrid Mail Takeover 145
    Takeaways 146
  • Summary 147
15 Race Conditions 149
  • Accepting a HackerOne Invite Multiple Times 150
    Takeaways 151
  • Exceeding Keybase Invitation Limits 152
    Takeaways 152
  • HackerOne Payments Race Condition 153
    Takeaways 154
  • Shopify Partners Race Condition 154
    Takeaways 155
  • Summary 156
16 Insecure Direct Object References 157
  • Finding Simple IDORs 158
  • Finding More Complex IDORs 158
  • Binary.com Privilege Escalation 159
    Takeaways 160
  • Moneybird App Creation 160
    Takeaways 161
  • Twitter Mopub API Token Theft 161
    Takeaways 163
  • ACME Customer Information Disclosure 163
    Takeaways 164
  • Summary 165
17 OAuth Vulnerabilities 167
  • The OAuth Workflow 168
  • Stealing Slack OAuth Tokens 171
    Takeaways 171
  • Passing Authentication with Default Passwords 171
    Takeaways 172
  • Stealing Microsoft Login Tokens 173
    Takeaways 174
  • Swiping Facebook Official Access Tokens 174
    Takeaways 175
  • Summary 176
18 Application Logic and Configuration Vulnerabilities 177
  • Bypassing Shopify Administrator Privileges 179
    Takeaways 179
  • Bypassing Twitter Account Protections 180
    Takeaways 180
  • HackerOne Signal Manipulation 180
    Takeaways 181
  • HackerOne Incorrect S3 Bucket Permissions 181
    Takeaways 183
  • Bypassing GitLab Two-Factor Authentication 183
    Takeaways 184
  • Yahoo! PHP Info Disclosure 184
    Takeaways 186
  • HackerOne Hacktivity Voting 186
    Takeaways 187
  • Accessing PornHub's Memcache Installation 188
    Takeaways 189
  • Summary 189
19 Finding Your Own Bug Bounties 191
  • Reconnaissance 192
    Subdomain Enumeration 192
    Port Scanning 193
    Screenshotting 194
    Content Discovery 195
    Previous Bugs 196
  • Testing the Application 196
    The Technology Stack 196
    Functionality Mapping 197
    Finding Vulnerabilities 198
  • Going Further 200
    Automating Your Work 200
    Looking at Mobile Apps 200
    Identifying New Functionality 201
    Tracking JavaScript Files 201
    Paying for Access to New Functionality 201
    Learning the Technology 201
  • Summary 202
20 Vulnerability Reports 203
  • Read the Policy 204
  • Include Details; Then Include More 204
  • Reconfirm the Vulnerability 205
  • Your Reputation 205
  • Show Respect for the Company 206
  • Appealing Bounty Rewards 207
  • Summary 208
A Tools 209
  • Web Proxies 210
  • Subdomain Enumeration 211
  • Discovery 212
  • Screenshotting 213
  • Port Scanning 213
  • Reconnaissance 214
  • Hacking Tools 214
  • Mobile 215
  • Browser Plug-Ins 216
B Resources 217
  • Online Training 217
  • Bug Bounty Platforms 219
  • Recommended Reading 220
  • Video Resources 222
  • Recommended Blogs 222
Index 225

About the author
Peter Yaworski is a self-taught developer and ethical hacker who began building websites exclusively with Drupal. Since then, he has expanded his interest to Rails, Android app development, and software security, while producing over 100 video tutorials and interviews on YouTube covering ethical hacking, web development, and Android to help teach others what he's learned. Peter continues to be an active bug bounty participant with thanks from Shopify, HackerOne, Salesforce, Twitter, Starbucks and the US Department of Defense among others.