دسترسی نامحدود
برای کاربرانی که ثبت نام کرده اند
دانلود کتاب Burp Suite Cookbook: Web application security made easy with Burp Suite
دانلود کتاب کتاب آشپزی Burp Suite: امنیت برنامه های وب با Burp Suite آسان شده است
مشخصات کتاب
Burp Suite Cookbook: Web application security made easy with Burp Suite
ویرایش: [2 ed.]
نویسندگان: Dr. Sunny Wear
سری:
ISBN (شابک) : 183508107X, 9781835081075
ناشر: Packt Publishing
سال نشر: 2023
تعداد صفحات: 450
زبان: English
فرمت فایل : PDF (درصورت درخواست کاربر به PDF، EPUB یا AZW3 تبدیل می شود)
حجم فایل: 108 Mb
قیمت کتاب (تومان) : 32,000
در صورت تبدیل فایل کتاب Burp Suite Cookbook: Web application security made easy with Burp Suite به فرمت های PDF، EPUB، AZW3، MOBI و یا DJVU می توانید به پشتیبان اطلاع دهید تا فایل مورد نظر را تبدیل نمایند.
توجه داشته باشید کتاب کتاب آشپزی Burp Suite: امنیت برنامه های وب با Burp Suite آسان شده است نسخه زبان اصلی می باشد و کتاب ترجمه شده به فارسی نمی باشد. وبسایت اینترنشنال لایبرری ارائه دهنده کتاب های زبان اصلی می باشد و هیچ گونه کتاب ترجمه شده یا نوشته شده به فارسی را ارائه نمی دهد.
توضیحاتی در مورد کتاب کتاب آشپزی Burp Suite: امنیت برنامه های وب با Burp Suite آسان شده است
Burp Suite یک ابزار بسیار قدرتمند و محبوب برای تست امنیت برنامه های وب است. این کتاب مجموعهای از دستور العملها را ارائه میکند که آسیبپذیریها در برنامههای کاربردی وب و APIها را برطرف میکند.
توضیحاتی درمورد کتاب به خارجی
Burp Suite is an immensely powerful and popular tool for web application security testing. This book provides a collection of recipes that address vulnerabilities in web applications and APIs.
فهرست مطالب
Cover Title Page Copyright Dedication Contributors Table of Contents Preface Chapter 1: Getting Started with Burp Suite Downloading Burp Suite (Community and Professional editions) Getting ready How to do it... Setting up a web app pentesting lab Getting ready How to do it... How it works… Creating a PortSwigger account to access Web Security Academy Getting ready How to do it… Starting Burp Suite at a command line or as an executable How to do it... How it works... Listening for HTTP traffic using Burp Getting ready How to do it... How it works... There’s more… Chapter 2: Getting to Know the Burp Suite of Tools Technical requirements Setting the Target Site Map Getting ready How to do it... How it works... Understanding the message editor Getting ready How to do it... Repeating with Repeater Getting ready How to do it... Decoding with Decoder Getting ready How to do it... There’s more... Intruding with Intruder Getting ready How to do it... Chapter 3: Configuring, Crawling, Auditing, and Reporting with Burp Technical requirements Establishing trust over HTTPS Getting ready How to do it... There’s more... Setting project configurations How to do it… Setting user configurations How to do it… How it works… There’s more... Crawling target sites Getting ready How to do it... Creating a custom scan script Getting ready How to do it... There’s more... Reporting issues Getting ready How to do it... Chapter 4: Assessing Authentication Schemes Technical requirements Testing for account enumeration and guessable accounts Getting ready How to do it... Testing for weak lockout mechanisms Getting ready How to do it... Testing for bypassing authentication schemes Getting ready How to do it... How it works… Testing for browser cache weaknesses Getting ready How to do it... How it works… Testing the account provisioning process via the REST API Getting ready How to do it... How it works… Chapter 5: Assessing Authorization Checks Technical requirements Testing for directory traversal Getting ready How to do it... How it works... Testing for LFI Getting ready How to do it... How it works... Testing for RFI Getting ready How to do it... How it works... Testing for privilege escalation Getting ready How to do it... How it works... Testing for IDOR Getting ready How to do it... How it works... Chapter 6: Assessing Session Management Mechanisms Technical requirements Testing session token strength using Sequencer Getting ready How to do it... How it works... Testing for cookie attributes Getting ready How to do it... How it works... Testing for session fixation Getting ready How to do it... How it works... Testing for exposed session variables Getting ready How to do it... How it works... Testing for cross-site request forgery Getting ready How to do it... How it works... Chapter 7: Assessing Business Logic Technical requirements Testing business logic data validation Getting ready How to do it... How it works... Unrestricted file upload – bypassing weak validation Getting ready How to do it... How it works... Performing process-timing attacks Getting ready How to do it... How it works... There’s more... Testing for the circumvention of workflows Getting ready How to do it... How it works... Uploading malicious files – polyglots Getting ready How to do it... How it works... There’s more... Chapter 8: Evaluating Input Validation Checks Technical requirements Testing for reflected cross-site scripting Getting ready How to do it... How it works... Testing for stored cross-site scripting Getting ready How to do it... How it works... Testing for HTTP verb tampering Getting ready How to do it... How it works... Testing for HTTP parameter pollution Getting ready How to do it... How it works... Testing for SQL injection Getting ready How to do it... How it works... There’s more... Testing for command injection Getting ready How to do it... How it works... Chapter 9: Attacking the Client Technical requirements Testing for clickjacking Getting ready How to do it... How it works... Testing for DOM-based cross-site scripting Getting ready How to do it... How it works... Leveraging DOM Invader for testing DOM XSS Getting ready How to do it... How it works... There’s more... Testing for JavaScript execution Getting ready How to do it... How it works... Testing for HTML injection Getting ready How to do it... How it works... Testing for client-side resource manipulation Getting ready How to do it... How it works... Chapter 10: Working with Burp Suite Macros and Extensions Technical requirements Creating session-handling macros Getting ready How to do it... How it works... Getting caught in the cookie jar Getting ready How to do it... How it works... Adding great pentester plugins Getting ready How to do it... How it works... Creating new issues via the Add & Track Custom Issues extension Getting ready How to do it... How it works... See also Working with the Active Scan++ extension Getting ready How to do it... How it works... Using Burp Suite extensions for bug bounties Getting ready How to do it... How it works... Chapter 11: Implementing Advanced Topic Attacks Technical requirements Performing XXE attacks Getting ready How to do it... How it works... Working with JWTs Getting ready How to do it... How it works... Using Burp Suite Collaborator to determine SSRF Getting ready How to do it... How it works... See also Testing CORS Getting ready How to do it... How it works... See also Performing Java deserialization attacks Getting ready How to do it... How it works... Hacking GraphQL using Burp Suite Getting ready How to do it... How it works... There’s more... Index About Packt Other Books You May Enjoy
نظرات کاربران
کتاب های تصادفی
دانلود کتاب Biomedical Engineering and Computational Intelligence: Proceedings of The World Thematic Conference—Biomedical Engineering and Computational Intelligence, BIOCOM 2018
دانلود کتاب Crowd Entrepreneurship: Das Gründungsgeschehen im Wandel
دانلود کتاب Scientist: E. O. Wilson: A Life in Nature
دانلود کتاب The Japanese and Western Science
