Bug Bounty Hunting for Web Security: Find and Exploit Vulnerabilities in Web Sites and Applications

Sinha, Sanjib

  • 出版商: Apress
  • 出版日期: 2019-11-13
  • 售價: $1,660
  • 貴賓價: 9.5$1,577
  • 語言: 英文
  • 頁數: 225
  • 裝訂: Quality Paper - also called trade paper
  • ISBN: 1484253906
  • ISBN-13: 9781484253908
  • 相關分類: 資訊安全
  • 海外代購書籍(需單獨結帳)
    無現貨庫存(No stock available)



Start with the basics of bug hunting and learn more about implementing an offensive approach by finding vulnerabilities in web applications. Getting an introduction to Kali Linux, you will take a close look at the types of tools available to you and move on to set up your virtual lab. You will then discover how request forgery injection works on web pages and applications in a mission-critical setup. Moving on to the most challenging task for any web application, you will take a look at how cross-site scripting works and find out about effective ways to exploit it.

You will then learn about header injection and URL redirection along with key tips to find vulnerabilities in them. Keeping in mind how attackers can deface your website, you will work with malicious files and automate your approach to defend against these attacks. Moving on to Sender Policy Framework (SPF), you will see tips to find vulnerabilities in it and exploit them. Following this, you will get to know how unintended XML injection and command injection work to keep attackers at bay. Finally, you will examine different attack vectors used to exploit HTML and SQL injection. Overall, Bug Bounty Hunting for Web Security will help you become a better penetration tester and at the same time it will teach you how to earn bounty by hunting bugs in web applications.

What You Will Learn

  • Implement an offensive approach to bug hunting
  • Create and manage request forgery on web pages
  • Poison Sender Policy Framework and exploit it
  • Defend against cross-site scripting (XSS) attacks
  • Inject headers and test URL redirection
  • Work with malicious files and command injection
  • Resist strongly unintended XML attacks

Who This Book Is For
White-hat hacking enthusiasts who are new to bug hunting and are interested in understanding the core concepts.


從基礎的漏洞獵殺開始,並進一步學習如何在網絡應用程序中實施攻擊性方法,找到漏洞。首先介紹Kali Linux,您將仔細研究可用工具的類型,然後設置虛擬實驗室。接下來,您將了解到在關鍵任務設置中,請求偽造注入在網頁和應用程序中的工作原理。然後,您將深入研究任何網絡應用程序最具挑戰性的任務,即跨站腳本攻擊,並找到有效的利用方法。


- 實施攻擊性的漏洞獵殺方法
- 在網頁上創建和管理請求偽造
- 毒化發送者策略框架並利用它
- 防禦跨站腳本(XSS)攻擊
- 注入標頭並測試URL重定向
- 使用惡意文件和命令注入
- 抵抗非預期的XML攻擊



Sanjib Sinha is an author and tech writer. Being a certified .NET Windows and web developer, he has specialized in Python security programming, Linux, and many programming languages that include C#, PHP, Python, Dart, Java, and JavaScript. Sanjib has also won Microsoft's Community Contributor Award in 2011 and he has written Beginning Ethical Hacking with Python, Beginning Ethical Hacking with Kali Linux, and two editions of Beginning Laravel for Apress.


Sanjib Sinha是一位作家和技術作家。作為一名經過認證的.NET Windows和Web開發人員,他專攻於Python安全編程、Linux以及包括C#、PHP、Python、Dart、Java和JavaScript在內的多種編程語言。Sanjib還在2011年獲得了微軟的社區貢獻者獎,並為Apress出版了《用Python開始道德黑客》、《用Kali Linux開始道德黑客》和兩個版本的《用Laravel開始》。