A Beginner's Guide To Web Application Penetration Testing

Ali Abdollahi

English
John Wiley & Sons Inc
17 January 2025
Series: Tech Today
A hands-on, beginner-friendly intro to web application pentesting

In A Beginner's Guide to Web Application Penetration Testing, seasoned cybersecurity veteran Ali Abdollahi delivers a startlingly insightful and up-to-date exploration of web app pentesting. In the book, Ali takes a dual approach—emphasizing both theory and practical skills—equipping you to jumpstart a new career in web application security.

You'll learn about common vulnerabilities and how to perform a variety of effective attacks on web applications. Consistent with the approach publicized by the Open Web Application Security Project (OWASP), the book explains how to find, exploit and combat the ten most common security vulnerability categories, including broken access controls, cryptographic failures, code injection, security misconfigurations, and more.

A Beginner's Guide to Web Application Penetration Testing walks you through the five main stages of a comprehensive penetration test: scoping and reconnaissance, scanning, gaining and maintaining access, analysis, and reporting. You'll also discover how to use several popular security tools and techniques. The book includes:

- Demonstrations of various penetration testing techniques, including subdomain enumeration with Sublist3r and Subfinder, and port scanning with Nmap
- Strategies for analyzing and improving the security of web applications against common attacks
- Explanations of the increasing importance of web application security, and of how to use techniques like input validation and disabling external entities to keep applications secure

Perfect for software engineers new to cybersecurity, security analysts, web developers, and other IT professionals, A Beginner's Guide to Web Application Penetration Testing will also earn a prominent place in the libraries of cybersecurity students and anyone else with an interest in web application security.
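The description names "disabling external entities" as a defence, and the table of contents covers XXE exploitation and SSRF via XXE. As an added example that is not from the book, the following Python script shows the failure mode that defence addresses, using only the standard-library xml.sax parser: the same document is parsed once with external general entities enabled (the XXE misconfiguration, and Python's default before 3.7.1) and once with them disabled. The "secret" file, the XML payload and the function names (parse_untrusted_xml, demo) are all constructed for this example.

```python
"""Added example (not from the book): XXE via Python's xml.sax, beside the
hardened setting.  The secret file, payload and helper names are constructed.
"""
import io
import os
import tempfile
import xml.sax
from xml.sax import handler


class TextCollector(handler.ContentHandler):
    """Collects character data; an expanded entity ends up here."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)

    def text(self):
        return "".join(self.parts)


def parse_untrusted_xml(xml_bytes: bytes, allow_external_entities: bool) -> str:
    """Parse XML from an untrusted source and return its element text.

    allow_external_entities=True reproduces the XXE misconfiguration: a
    SYSTEM entity declared in the DOCTYPE is resolved by the parser and the
    referenced file is spliced into the document.  False is the hardened
    setting (the default since Python 3.7.1): the reference expands to nothing.
    """
    parser = xml.sax.make_parser()
    # This single feature flag is the "disable external entities" control.
    parser.setFeature(handler.feature_external_ges, allow_external_entities)
    collector = TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return collector.text().strip()


def demo():
    """Return (vulnerable_result, hardened_result) for one constructed payload."""
    # Constructed secret standing in for a file an attacker wants off the server.
    with tempfile.NamedTemporaryFile("w", delete=False, suffix=".txt") as f:
        f.write("db_password=hunter2")
        secret_path = f.name
    try:
        # Classic XXE payload: the DOCTYPE declares an external entity whose
        # system identifier is a local path, then the body references it.
        payload = (
            '<?xml version="1.0"?>\n'
            '<!DOCTYPE order [ <!ENTITY xxe SYSTEM "%s"> ]>\n'
            '<order><item>&xxe;</item></order>' % secret_path
        ).encode()
        vulnerable = parse_untrusted_xml(payload, allow_external_entities=True)
        hardened = parse_untrusted_xml(payload, allow_external_entities=False)
        return vulnerable, hardened
    finally:
        os.unlink(secret_path)


if __name__ == "__main__":
    leaked, blocked = demo()
    print("external entities enabled :", repr(leaked))
    print("external entities disabled:", repr(blocked))
```

With entities enabled the parser hands back the file contents as ordinary element text; with them disabled the same payload yields an empty string and no file is touched. The system identifier could equally be an http:// URL, which is the SSRF-via-XXE case the book's Chapter 8 covers, so the hardened setting matters even when there is nothing sensitive on disk. For production parsing of untrusted XML, keep external entity resolution off in every parser the application uses (or use a library such as defusedxml that does so by default) rather than relying on one code path.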
Imprint:   John Wiley & Sons Inc
Country of Publication:   United States
Dimensions:   Height: 234mm,  Width: 185mm,  Spine: 23mm
Weight:   499g
ISBN:   9781394295593
ISBN 10:   1394295596
Series:   Tech Today
Pages:   352
Audience:   Professional and scholarly ,  Undergraduate
Format:   Paperback
Publisher's Status:   Active
Foreword xvii
Introduction xix
Chapter 1 Introduction to Web Application Penetration Testing 1
    The Importance of Web Application Security 3
    Overview of Web Application Penetration Testing 6
    The Penetration Testing Process 8
    Methodologies 12
    Tools and Techniques 14
    Reporting 16
    Types of Web Application Vulnerabilities 17
    Key Takeaways 25
Chapter 2 Setting Up Your Penetration Testing Environment 27
    Setting Up Virtual Machines 28
    Container Option 29
    Kali Linux Installation 30
    PentestBox 34
    Installing DVWA 35
    OWASP Juice Shop 40
    Burp Suite 41
    OWASP Zed Attack Proxy 46
    Wiley Preconfigured Environment 49
    Key Takeaways 49
Chapter 3 Reconnaissance and Information Gathering 51
    Passive Information Gathering 52
    Automating Subdomain Enumeration 61
    Active Information Gathering 64
    Open-Source Intelligence Gathering 77
    Key Takeaways 88
Chapter 4 Cross-Site Scripting 89
    XSS Categories 90
    Reflected XSS 91
    Stored XSS 93
    Automatic User Session Hijacking 94
    Website Defacement Using XSS 96
    DOM-Based XSS 97
    Self-XSS 98
    Browser Exploitation Framework 100
    XSS Payloads and Bypasses 102
    XSS Mitigation Techniques 105
    Reflected XSS Bypass Techniques 107
    Stored XSS Bypass Technique 110
    Key Takeaways 112
Chapter 5 SQL Injection 113
    What Is SQL Injection? 113
    Types of SQL Injection 114
    Error-Based SQL Injection 117
    Union-Based SQL Injection 117
    Blind SQL Injection 123
    SQLMap 126
    SQL Injection Payloads with ChatGPT 140
    SQL Injection Prevention 142
    Key Takeaways 145
Chapter 6 Cross-Site Request Forgery 147
    Hunting CSRF Vulnerability 149
    CSRF Exploitation 149
    XSS and CSRF 151
    Clickjacking 152
    Generating an Effective Proof of Concept Using ChatGPT 154
    Tips for Developers 157
    Key Takeaways 158
Chapter 7 Server-Side Attacks and Open Redirects 159
    Server-Side Request Forgery 159
    SSRF in Action 160
    SSRF Vulnerability 162
    Blind SSRF 164
    Local File Inclusion 166
    Remote File Inclusion 170
    Open Redirect 173
    Server-Side Attacks Differences 177
    Security Mitigations 178
    Key Takeaways 181
Chapter 8 XML-Based Attacks 183
    XML Fundamentals 183
    XXE Exploitation 185
    Hunting XML Entry Points 187
    SSRF Using XXE 192
    DoS Using XXE 193
    XXE Payload and Exploitation with ChatGPT 195
    XML-Based Attacks Countermeasures 196
    Key Takeaways 198
Chapter 9 Authentication and Authorization 201
    Password Cracking and Brute-Force Attacks 205
    Credential Stuffing Attack 211
    Password Spraying 213
    Password Spraying Using Burp Suite Intruder 214
    Other Automated Tools for Password Attacks 215
    JSON Web Token 223
    Key Takeaways 225
Chapter 10 API Attacks 227
    OWASP API Top 10 228
    API Enumeration and Discovery 230
    API Discovery Using ChatGPT 231
    API Broken Object-Level Authorization Exploitation 235
    Rate Limiting 240
    API Penetration Testing Tools 242
    API Security Tips 244
    Key Takeaways 245
Appendix A Best Practices and Standards 247
    Information Gathering 248
    Configuration and Deployment Management Testing 251
    Identity Management Testing 254
    Authentication Testing 256
    Authorization Testing 261
    Session Management Testing 265
    Input Validation Testing 273
    Testing for Error Handling 285
    Testing for Weak Cryptography 286
    Business Logic Testing 290
    Client-Side Testing 297
Appendix B CWE and CVSS Score 307
    Base Score 308
    Temporal Score 308
    Environmental Score 309
Appendix C Writing Effective and Comprehensive Penetration Testing Reports 311
    Table of Contents (ToC) 311
    Project History and Timeline 311
    Scope 312
    Testing Approach 312
    Executive Summary 312
    Industry Standard 312
    Findings Table 312
    Findings Details 313
    Key Takeaways 315
Index 317

ALI ABDOLLAHI is a cybersecurity researcher with over 12 years of experience. Currently, he is the application and offensive security manager at Canon EMEA. He studied computer engineering, published articles, and holds several professional certificates. Ali is a Microsoft MVP and regular speaker or trainer at industry conferences and events.
