![Hands-on Penetration Testing for Web Applications](https://img.perlego.com/book-covers/2660987/9789389328547_300_450.webp)
Hands-on Penetration Testing for Web Applications
Run Web Security Testing on Modern Applications Using Nmap, Burp Suite and Wireshark
Richa Gupta
- English
- ePUB (mobile-friendly)
- Available on iOS and Android
About this book
Learn how to build an end-to-end Web application security testing framework
Description
Hands-on Penetration Testing for Web Applications gives readers the knowledge and skill set to identify, exploit and control the security vulnerabilities present in commercial web applications, including online banking, mobile payment and e-commerce applications. We begin with exposure to the vulnerabilities present in modern web applications. You will learn and gradually practise the core concepts of penetration testing and the OWASP Top Ten vulnerabilities, including injection, broken authentication and access control, security misconfiguration and cross-site scripting (XSS).
What you will learn
- A complete overview of the concepts of web penetration testing.
- Learn to secure against the OWASP Top 10 web vulnerabilities.
- Discover security flaws in your web application using popular tools such as Nmap and Wireshark.
- Learn to respond to modern automated cyber attacks with the help of expert-led tips and tricks.
Who this book is for
This book is for penetration testers, ethical hackers and web application developers. People who are new to security testing will also find this book useful. Basic knowledge of HTML and JavaScript is an added advantage.
Table of Contents
1. Why Application Security?
2. Modern application Vulnerabilities
3. Web Pentesting Methodology
4. Testing Authentication
5. Testing Session Management
6. Testing Secure Channels
7. Testing Secure Access Control
8. Sensitive Data and Information disclosure
9. Testing Secure Data validation
10. Attacking Application Users: Other Techniques
11. Attacking Application Users: Other Techniques
12. Automating Custom Attacks
13. Pentesting Tools
14. Static Code Analysis
15. Mitigations and Core Defense Mechanisms
Frequently asked questions
Information
CHAPTER 1
Why Application Security
Structure
- Modern web applications
- The need for application security
- Application security challenges
- Application security trends
Objectives
- Understand how web applications have evolved as a security concern.
- Understand some metrics about the need for application security.
- Describe the core security challenges that web applications are facing.
- Discuss the latest trends in web application security and how these may be expected to evolve in near future.
Modern web applications
The need for application security
![](OEBPS/images/Figure-1.1-plgo-compressed.webp)
- Information systems are still evolving
- Applications are becoming more complex
- The number of applications and services is rising every year
- Everything is now directly exposed (as a service)
- Applications are exposed to internal threats, hackers and script kiddies
Application security challenges
- Lack of security awareness:
- Lack of awareness among peers of the major threats present in applications, and of the correct security control measures to take.
- Sometimes even experienced web application developers are over-confident about their coding practices and make large assumptions about the security provided by their programming frameworks and security protocols. The resulting weak code attracts attackers looking for vulnerabilities in the application.
- Lack of resources and experts:
- Agile development produces continual application releases, which in turn create inconsistent testing demands.
- Expertise is required for in-depth manual testing and test analysis, as well as for running and interpreting the results of automated scanning programs.
- Rapidly growing zero-day vulnerabilities:
- New concepts and threats grow at an exponential rate in today's digital world. This makes attackers' lives easy and forces security professionals to think two steps ahead: to keep track of new and possibly unknown vulnerabilities as they originate and to know how to tackle them.
- Increasing functionality in the application:
- Modern sites include numerous functions such as password recovery, username recovery, password hints and an option to remember the username and password on future visits, each of which increases the site's attack surface.
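The password-recovery function listed above is a good illustration of how a convenience feature widens the attack surface. The following is an added example, not code from the book: two hypothetical recovery handlers over a constructed user store, one that answers differently for known and unknown addresses and one that does not, plus the probe an attacker would run against each to enumerate valid accounts. All names and data here are assumptions made for the demonstration.

```python
import secrets
from dataclasses import dataclass

# Constructed sample data: the e-mail addresses that have an account.
REGISTERED = {"alice@example.com", "bob@example.com"}

# Records (address, token) for each reset link "sent"; stands in for a mailer.
SENT = []


@dataclass
class Response:
    status: int
    body: str


def send_reset_link(email: str) -> None:
    """Hypothetical mailer: generate an unguessable token and 'send' it."""
    token = secrets.token_urlsafe(32)
    SENT.append((email, token))


def recover_password_leaky(email: str) -> Response:
    """Vulnerable: the response reveals whether an account exists, so an
    unauthenticated attacker can enumerate valid users address by address."""
    if email not in REGISTERED:
        return Response(404, "No account is registered for that address.")
    send_reset_link(email)
    return Response(200, "A reset link has been sent.")


def recover_password_uniform(email: str) -> Response:
    """Hardened: identical status and message whether or not the account
    exists. The side effect (sending mail) still only happens for real
    accounts, but the caller cannot tell from the response.
    Caveat: if send_reset_link is slow, response time still leaks existence;
    a real deployment queues the mail and rate-limits the endpoint."""
    if email in REGISTERED:
        send_reset_link(email)
    return Response(200, "If an account exists for that address, a reset link has been sent.")


def enumerate_accounts(handler, candidates):
    """Attacker's probe: take the response for an address that certainly has
    no account as a baseline, then keep every candidate whose response
    differs from it. Returns the list of addresses inferred to exist."""
    probe = "not-a-user-" + secrets.token_hex(8) + "@example.com"
    baseline = handler(probe)
    found = []
    for candidate in candidates:
        r = handler(candidate)
        if (r.status, r.body) != (baseline.status, baseline.body):
            found.append(candidate)
    return found


if __name__ == "__main__":
    wordlist = ["alice@example.com", "carol@example.com", "bob@example.com"]
    print("leaky handler leaks:", enumerate_accounts(recover_password_leaky, wordlist))
    print("uniform handler leaks:", enumerate_accounts(recover_password_uniform, wordlist))
```

Run against the same word list, the leaky handler hands back exactly the registered addresses while the uniform handler yields nothing, which is the difference a tester looks for when assessing recovery, hint and "remember me" functions in the chapters on authentication and session management.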
Application security trends
![](OEBPS/images/Figure-1.2-plgo-compressed.webp)