Real-World Bug Hunting: A Field Guide to Web Hacking


Real-World Bug Hunting: A Field Guide to Web Hacking
By 作者: Peter Yaworski
ISBN-10 书号: 1593278616
ISBN-13 书号: 9781593278618
Release Finelybook 出版日期: 2019-07-09
pages 页数: (264 )

The Book Description robot was collected from Amazon and arranged by Finelybook

Uses real-world bug reports (vulnerabilities in software or in this case web applications) to teach programmers and InfoSec professionals how to discover and protect vulnerabilities in web applications.
Real-World Bug Hunting is a field guide to finding software bugs. Ethical hacker Peter Yaworski breaks down common types of bugs, then contextualizes them with real bug bounty reports released by hackers on companies like Twitter, Facebook, Google, Uber, and Starbucks. As you read each report, you’ll gain deeper insight into how the vulnerabilities work and how you might find similar ones.
Each chapter begins with an explanation of a vulnerability type, then moves into a series of real bug bounty reports that show how the bugs were found. You’ll learn things like how Cross-Site Request Forgery tricks users into unknowingly submitting information to websites they are logged into; how to pass along unsafe JavaScript to execute Cross-Site Scripting; how to access another user’s data via Insecure Direct Object References; how to trick websites into disclosing information with Server Side Request Forgeries; and how bugs in application logic can lead to pretty serious vulnerabilities. Yaworski also shares advice on how to write effective vulnerability reports and develop relationships with bug bounty programs, as well as recommends hacking tools that can make the job a little easier.

Introduction
1Bug Bounty Basics
2Open Redirect
3HTTP Parameter Pollution
4Cross-Site Request Forgery
5HTML Injection and Content Spoofing
6Carriage Return Line Feed Injection
7 Cross-Site Scripting
8 Template Injecti1
9 sQL Injection
10 Server-Side Request Forgery
11XML External Entity
12 Remote Code Execution
13 Memory Vulnerabilities
14Subdomain Takeover
15 Race Conditions
16Insecure Direct Object References
17 OAuth Vulnerabilities
18 Application Logic and Confhguration Vulnerabilities
19 Finding Your Own Bug Bounties
20 Vulnerability Reports
A Tools
BResources
Index


下载地址

Real-World Bug Hunting 9781593278618.zip

觉得文章有用就打赏一下文章作者
未经允许不得转载:finelybook » Real-World Bug Hunting: A Field Guide to Web Hacking
分享到: 更多 (0)

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

微信扫一扫打赏