
Download the book Burp Suite Cookbook: Web application security made easy with Burp Suite

Book details

Edition: [2 ed.]
Authors:
Series:
ISBN: 9781835081075
Publisher: Packt Publishing Pvt Ltd
Year of publication: 2023
Number of pages: 450
Language: English
File format: EPUB (converted to PDF, EPUB, or AZW3 on user request)
File size: 66 Mb

Book price (toman): 52,000





If you need the file for Burp Suite Cookbook: Web application security made easy with Burp Suite converted to PDF, EPUB, AZW3, MOBI, or DJVU, you can notify support and they will convert it for you.

Note that Burp Suite Cookbook: Web application security made easy with Burp Suite is the original-language edition and is not a Persian translation. The International Library website offers original-language books only and does not offer any books translated into or written in Persian.


Description of the book Burp Suite Cookbook: Web application security made easy with Burp Suite

Burp Suite is an immensely powerful and popular tool for web application security testing. This book provides a collection of recipes that address vulnerabilities in web applications and APIs.



Table of contents

Burp Suite Cookbook
Contributors
About the author
About the reviewer
Preface
   Who this book is for
   What this book covers
   To get the most out of this book
   Conventions used
   Sections
      Getting ready
      How to do it…
      How it works…
      There’s more…
      See also
   Get in touch
   Share your thoughts
   Download a free PDF copy of this book
1
Getting Started with Burp Suite
   Downloading Burp Suite (Community and Professional editions)
      Getting ready
      How to do it...
   Setting up a web app pentesting lab
      Getting ready
      How to do it...
      How it works…
   Creating a PortSwigger account to access Web Security Academy
      Getting ready
      How to do it…
   Starting Burp Suite at a command line or as an executable
      How to do it...
      How it works...
   Listening for HTTP traffic using Burp
      Getting ready
      How to do it...
      How it works...
      There’s more…
2
Getting to Know the Burp Suite of Tools
   Technical requirements
   Setting the Target Site Map
      Getting ready
      How to do it...
      How it works...
   Understanding the message editor
      Getting ready
      How to do it...
   Repeating with Repeater
      Getting ready
      How to do it...
   Decoding with Decoder
      Getting ready
      How to do it...
      There’s more...
   Intruding with Intruder
      Getting ready
      How to do it...
3
Configuring, Crawling, Auditing, and Reporting with Burp
   Technical requirements
   Establishing trust over HTTPS
      Getting ready
      How to do it...
      There’s more...
   Setting project configurations
      How to do it…
   Setting user configurations
      How to do it…
      How it works…
      There’s more...
   Crawling target sites
      Getting ready
      How to do it...
   Creating a custom scan script
      Getting ready
      How to do it...
      There’s more...
   Reporting issues
      Getting ready
      How to do it...
4
Assessing Authentication Schemes
   Technical requirements
   Testing for account enumeration and guessable accounts
      Getting ready
      How to do it...
   Testing for weak lockout mechanisms
      Getting ready
      How to do it...
   Testing for bypassing authentication schemes
      Getting ready
      How to do it...
      How it works…
   Testing for browser cache weaknesses
      Getting ready
      How to do it...
      How it works…
   Testing the account provisioning process via the REST API
      Getting ready
      How to do it...
      How it works…
5
Assessing Authorization Checks
   Technical requirements
   Testing for directory traversal
      Getting ready
      How to do it...
      How it works...
   Testing for LFI
      Getting ready
      How to do it...
      How it works...
   Testing for RFI
      Getting ready
      How to do it...
      How it works...
   Testing for privilege escalation
      Getting ready
      How to do it...
      How it works...
   Testing for IDOR
      Getting ready
      How to do it...
      How it works...
6
Assessing Session Management Mechanisms
   Technical requirements
   Testing session token strength using Sequencer
      Getting ready
      How to do it...
      How it works...
   Testing for cookie attributes
      Getting ready
      How to do it...
      How it works...
   Testing for session fixation
      Getting ready
      How to do it...
      How it works...
   Testing for exposed session variables
      Getting ready
      How to do it...
      How it works...
   Testing for cross-site request forgery
      Getting ready
      How to do it...
      How it works...
7
Assessing Business Logic
   Technical requirements
   Testing business logic data validation
      Getting ready
      How to do it...
      How it works...
   Unrestricted file upload – bypassing weak validation
      Getting ready
      How to do it...
      How it works...
   Performing process-timing attacks
      Getting ready
      How to do it...
      How it works...
      There’s more...
   Testing for the circumvention of workflows
      Getting ready
      How to do it...
      How it works...
   Uploading malicious files – polyglots
      Getting ready
      How to do it...
      How it works...
      There’s more...
8
Evaluating Input Validation Checks
   Technical requirements
   Testing for reflected cross-site scripting
      Getting ready
      How to do it...
      How it works...
   Testing for stored cross-site scripting
      Getting ready
      How to do it...
      How it works...
   Testing for HTTP verb tampering
      Getting ready
      How to do it...
      How it works...
   Testing for HTTP parameter pollution
      Getting ready
      How to do it...
      How it works...
   Testing for SQL injection
      Getting ready
      How to do it...
      How it works...
      There’s more...
   Testing for command injection
      Getting ready
      How to do it...
      How it works...
9
Attacking the Client
   Technical requirements
   Testing for clickjacking
      Getting ready
      How to do it...
      How it works...
   Testing for DOM-based cross-site scripting
      Getting ready
      How to do it...
      How it works...
   Leveraging DOM Invader for testing DOM XSS
      Getting ready
      How to do it...
      How it works...
      There’s more...
   Testing for JavaScript execution
      Getting ready
      How to do it...
      How it works...
   Testing for HTML injection
      Getting ready
      How to do it...
      How it works...
   Testing for client-side resource manipulation
      Getting ready
      How to do it...
      How it works...
10
Working with Burp Suite Macros and Extensions
   Technical requirements
   Creating session-handling macros
      Getting ready
      How to do it...
      How it works...
   Getting caught in the cookie jar
      Getting ready
      How to do it...
      How it works...
   Adding great pentester plugins
      Getting ready
      How to do it...
      How it works...
   Creating new issues via the Add & Track Custom Issues extension
      Getting ready
      How to do it...
      How it works...
      See also
   Working with the Active Scan++ extension
      Getting ready
      How to do it...
      How it works...
   Using Burp Suite extensions for bug bounties
      Getting ready
      How to do it...
      How it works...
11
Implementing Advanced Topic Attacks
   Technical requirements
   Performing XXE attacks
      Getting ready
      How to do it...
      How it works...
   Working with JWTs
      Getting ready
      How to do it...
      How it works...
   Using Burp Suite Collaborator to determine SSRF
      Getting ready
      How to do it...
      How it works...
      See also
   Testing CORS
      Getting ready
      How to do it...
      How it works...
      See also
   Performing Java deserialization attacks
      Getting ready
      How to do it...
      How it works...
   Hacking GraphQL using Burp Suite
      Getting ready
      How to do it...
      How it works...
      There’s more...
Index
   Why subscribe?
Other Books You May Enjoy
   Packt is searching for authors like you
   Share your thoughts
   Download a free PDF copy of this book



