Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities (Paperback)

Li, Vickie

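  • Publisher: No Starch Press
  • Publication date: 2021-12-07
  • List price: $1,800
  • Sale price: $1,710 (95% of list price)
  • VIP price: $1,620 (90% of list price)
  • Language: English
  • Pages: 416
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1718501544
  • ISBN-13: 9781718501546
  • Ships immediately (stock < 4)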

Product description

Bug Bounty Bootcamp teaches you how to hack web applications. You will learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them. You'll also learn how to navigate bug bounty programs set up by companies to reward security professionals for finding bugs in their web applications.

Bug bounty programs are company-sponsored programs that invite researchers to search for vulnerabilities on their applications and reward them for their findings. This book is designed to help beginners with little to no security experience learn web hacking, find bugs, and stay competitive in this booming and lucrative industry.

You'll start by learning how to choose a program, write quality bug reports, and maintain professional relationships in the industry. Then you'll learn how to set up a web hacking lab and use a proxy to capture traffic. In Part 3 of the book, you'll explore the mechanisms of common web vulnerabilities, like XSS, SQL injection, and template injection, and receive detailed advice on how to find them and bypass common protections. You'll also learn how to chain multiple bugs to maximize the impact of your vulnerabilities.

Finally, the book touches on advanced techniques rarely covered in introductory hacking books but that are crucial to understand to hack web applications. You'll learn how to hack mobile apps, review an application's source code for security issues, find vulnerabilities in APIs, and automate your hacking process. By the end of the book, you'll have learned the tools and techniques necessary to be a competent web hacker and find bugs on a bug bounty program.

About the author

Vickie Li is a developer and security researcher experienced in finding and exploiting vulnerabilities in web applications. She has reported vulnerabilities to firms such as Facebook, Yelp and Starbucks and contributes to a number of online training programs and technical blogs.

 
