Résumé : |
Learn how to build an end-to-end Web application security testing frameworkDescriptionHands-on Penetration Testing for Web Applications offers readers with knowledge and skillset to identify, exploit and control the security vulnerabilities present in commercial web applications including online banking, mobile payments and e-commerce applications.We begin with exposure to modern application vulnerabilities present in web applications. You will learn and gradually practice the core concepts of penetration testing and OWASP Top Ten vulnerabilities including injection, broken authentication and access control, security misconfigurations and cross-site scripting (XSS). What you will learn Complete overview of concepts of web penetration testing. Learn to secure against OWASP TOP 10 web vulnerabilities. Discover security flaws in your web application using most popular tools like nmap and wireshark.Learn to respond modern automated cyber attacks with the help of expert-led tips and tricks.Who this book is forThis book is for Penetration Testers, ethical hackers, and web application developers. People who are new to security testing will also find this book useful. Basic knowledge of HTML, JavaScript would be an added advantage.Table of Contents1. Why Application Security?2. Modern application Vulnerabilities3. Web Pentesting Methodology4. Testing Authentication5. Testing Session Management6. Testing Secure Channels7. Testing Secure Access Control8. Sensitive Data and Information disclosure9. Testing Secure Data validation10. Attacking Application Users: Other Techniques11. Attacking Application Users: Other Techniques12. Automating Custom Attacks13. Pentesting Tools14. Static Code Analysis15. Mitigations and Core Defense Mechanisms |