Hands-On Bug Hunting for Penetration Testers

Joseph Marshall

Detailed walkthroughs of how to discover, test, and document common web application vulnerabilities.

Key Features

• Learn how to test for common bugs
• Discover tools and methods for hacking ethically
• Practice working through pentesting engagements step-by-step

Book Description

Bug bounties have quickly become a critical part of the security economy. This book shows you how technical professionals with an interest in security can begin productively—and profitably—participating in bug bounty programs.
You will learn about SQli, NoSQLi, XSS, XXE, and other forms of code injection. You'll see how to create CSRF PoC HTML snippets, how to discover hidden content (and what to do with it once it's found), and how to create the tools for automated pentesting workflows.
Then, you'll format all of this information within the context of a bug report that will have the greatest chance of earning you cash.
With detailed walkthroughs that cover discovering, testing, and reporting vulnerabilities, this book is ideal for aspiring security professionals. You should come away from this work with the skills you need to not only find the bugs you're looking for, but also the best bug bounty programs to participate in, and how to grow your skills moving forward in freelance security research.

What you will learn

• Choose what bug bounty programs to engage in
• Understand how to minimize your legal liability and hunt for bugs ethically
• See how to take notes that will make compiling your submission report easier
• Know how to take an XSS vulnerability from discovery to verification, and report submission
• Automate CSRF PoC generation with Python
• Leverage Burp Suite for CSRF detection
• Use WP Scan and other tools to find vulnerabilities in WordPress, Django, and Ruby on Rails applications
• Write your report in a way that will earn you the maximum amount of money

Who this book is for

This book is written for developers, hobbyists, pentesters, and anyone with an interest (and a little experience) in web application security.

---

Pozostałe z kategorii: BezpieczeĂąstwo sieci

Praktyczna analiza pakietĂłw. Wykorzystanie narzĂŞdzia Wireshark do rozwiÂązywania problemĂłw z sieciÂą (59.00zł)
Zbrodnie przyszÂłoÂści. Jak cyberprzestĂŞpcy, korporacje i paĂąstwa mogÂą uÂżywaĂŚ technologii przeciwko Tobie (27.45zł)
Strategie Red Team. Ofensywne testowanie zabezpieczeĂą w praktyce (54.45zł)
Learning Python Web Penetration Testing (109.00zł)
Hacking i testy penetracyjne. Podstawy (39.00zł)
Mroczne odmĂŞty phishingu. Nie daj siĂŞ zÂłowiĂŚ! (21.45zł)
Malware Analysis Techniques (159.00zł)
Warsztat hakera. Testy penetracyjne i inne techniki wykrywania podatnoÂści (64.35zł)
Cybersecurity: The Beginner's Guide (94.99zł)
Learning CoreDNS. Configuring DNS for Cloud Native Environments (220.15zł)
Firewall nie powstrzyma prawdziwego smoka, czyli jak zadbaĂŚ o cyberbezpieczeĂąstwo. Przewodnik dla niefachowcĂłw. Wydanie III (26.95zł)
Techniki twĂłrcĂłw zÂłoÂśliwego oprogramowania. Elementarz programisty (32.90zł)
Internet rzeczy (41.07zł)
Hardware i testy penetracyjne. Przewodnik po metodach ataku i obrony (51.35zł)
BezpieczeĂąstwo aplikacji internetowych dla programistĂłw. Rzeczywiste zagroÂżenia, praktyczna ochrona (32.45zł)
Podpis cyfrowy i identyfikacja uÂżytkownikĂłw w sieci Internet (21.60zł)
Incydenty bezpieczeĂąstwa. Metody reagowania w informatyce Âśledczej (54.45zł)
BackTrack 5. Testy penetracyjne sieci WiFi (49.00zł)
Ransomware. Defending Against Digital Extortion (143.65zł)
BezpieczeĂąstwo w chmurze (55.20zł)

Pozostałe z serii: Inne

ZostaĂą architektem oprogramowania (71.20zł)
Industrial Cybersecurity - Second Edition (159.00zł)
Wireless Hacks. Tips & Tools for Building, Extending, and Securing Your Network. 2nd Edition (101.15zł)
3D Studio Max 3. Æwiczenia praktyczne (9.00zł)
Data Mesh (254.15zł)
Internet. Kurs. Wydanie II (34.90zł)
Magia s³ów. Jak pisaĂŚ teksty, ktĂłre porwÂą tÂłumy. Wydanie 2 rozszerzone (30.44zł)
Learn Microsoft Office 2019 (149.00zł)
Hands-On Python Deep Learning for the Web (129.00zł)
SQL. Wydanie II (34.00zł)
Zarys matematyki wyÂższej dla studentĂłw CzêœÌ 2 (55.20zł)
Word 2016 PL. Æwiczenia praktyczne (29.90zł)
Hands-On TypeScript for C# and .NET Core Developers (159.00zł)
ZarzÂądzanie i realizacja projektĂłw systemu Microsoft SharePoint 2010 (23.52zł)
Hardcore Java (135.15zł)
Kerberos: The Definitive Guide. The Definitive Guide (118.15zł)
Projektowanie rozwiÂązaĂą dla Microsoft SharePoint 2010 (53.46zł)
JavaScript. WyraÂżenia regularne dla programistĂłw (26.95zł)
Network Scanning Cookbook (159.00zł)
Wzorce projektowe uczenia maszynowego. RozwiÂązania typowych problemĂłw dotyczÂących przygotowania danych, konstruowania modeli i MLOps (80.99zł)