Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities (Paperback)
Li, Vickie
- Publisher: No Starch Press
- Publication date: 2021-12-07
- Price: $1,800
- VIP price: 5% off, $1,710
- Language: English
- Pages: 416
- Binding: Quality Paper - also called trade paper
- ISBN: 1718501544
- ISBN-13: 9781718501546
- Related category: Penetration-test
Product description
Bug Bounty Bootcamp teaches you how to hack web applications. You will learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them. You'll also learn how to navigate bug bounty programs set up by companies to reward security professionals for finding bugs in their web applications.
Bug bounty programs are company-sponsored programs that invite researchers to search for vulnerabilities on their applications and reward them for their findings. This book is designed to help beginners with little to no security experience learn web hacking, find bugs, and stay competitive in this booming and lucrative industry.
You'll start by learning how to choose a program, write quality bug reports, and maintain professional relationships in the industry. Then you'll learn how to set up a web hacking lab and use a proxy to capture traffic. In Part 3 of the book, you'll explore the mechanisms of common web vulnerabilities, like XSS, SQL injection, and template injection, and receive detailed advice on how to find them and bypass common protections. You'll also learn how to chain multiple bugs to maximize the impact of your vulnerabilities.
Finally, the book touches on advanced techniques rarely covered in introductory hacking books but that are crucial to understand to hack web applications. You'll learn how to hack mobile apps, review an application's source code for security issues, find vulnerabilities in APIs, and automate your hacking process. By the end of the book, you'll have learned the tools and techniques necessary to be a competent web hacker and find bugs on a bug bounty program.
About the author
Vickie Li is a developer and security researcher experienced in finding and exploiting vulnerabilities in web applications. She has reported vulnerabilities to firms such as Facebook, Yelp and Starbucks and contributes to a number of online training programs and technical blogs.