Practical Web Application Penetration Testing: WhiteHat and BlackHat testing of web security applications with Metasploit, Burp Collaborator, and other tools (English Edition), by Adrian Pruteanu
Learn how to conduct a full web penetration security assessment using whatever tools are best for each assessment stage
- Building on beginner’s books and courses in pen testing
- Covering both BlackHat and WhiteHat perspectives
- Knowing which tool to deploy for each application and every situation
Testing web applications for performance is common; testing web applications for security is, however, difficult, mostly due to the ever-changing threat landscape. There are many web application tools providing what looks like a complete survey and defense against possible threats, which need to be analysed according to the needs and security implications of each website and web service. Practical Web Application Penetration Testing provides a clear framework to think about web application security, while not forgetting about the tools and frameworks on offer for the intermediate and advanced application security professionals.
Adrian Pruteanu begins with the means by which security threats and ongoing attacks can be discovered. Security tools can manage this task, but logs and general network behavior can indicate problems. He then classifies and describes the range of attacks and defenses a web security professional is likely to encounter. Adrian follows up with 5 consecutive chapters helping the reader along a curve of increasing difficulty. He starts out with the ways in which file systems can be broken into and manipulated, continues with attacks via the privilege system, and outlines the toolkits and insights behind brute force attacks.
The last five chapters of the book assume a change of perspective: Adrian is analyzing the ways in which an attacker works, what attack vectors are likely to be analysed, and how the attack on a web application might be conducted. The chapter on Burp Collaborator starts the process, since it helps to find web application vulnerabilities. The chapters on WordPress and mobile applications analyze two extremely common attack surfaces, while the final two chapters deal with different ways to trigger remote code execution.
What you will learn
- Study the mindset of a BlackHat attacker
- Adopt the mindset of a WhiteHat defender
- Classify and plan for standard web application security threats
- Be aware of, and know how to combat, standard systems security problems
- Know how to defend WordPress and mobile applications
- Use security tools and plan for defense against remote execution
Who This Book Is For
The reader should have basic security experience, for example, by running a network or encountering security issues during application development. Formal education in security is useful, but not required. This title should be suitable for people with 2+ years of experience in development, network management or DevOps, with an established interest in security.
About the Author
Adrian Pruteanu has been a security expert for almost 10 years, working for companies such as Mozilla and Canadian Tire. He resides in Toronto, and he holds multiple certifications in security and in most of the major tools available in the security market.