Hands-On Application Penetration Testing with Burp Suite
Lozano, Carlos A., Shah, Dhruv, Walikar, Riyaz
- Publisher: Packt Publishing
- Publication date: 2019-02-28
- Price: $2,000
- VIP price: 5% off, $1,900
- Language: English
- Pages: 366
- Binding: Quality Paper - also called trade paper
- ISBN: 178899406X
- ISBN-13: 9781788994064
- Related categories: Penetration-test
- Overseas purchasing-agent book (must be checked out separately)
Product description
Key Features
- Master the skills to perform various types of security tests on your web applications
- Get hands-on experience working with components like scanner, proxy, intruder and much more
- Discover the best way to penetrate and test web applications
Book Description
Burp Suite is a set of graphical tools focused on penetration testing of web applications. Burp Suite is widely used for web penetration testing by many security professionals for performing different web-level security tasks.
The book starts by setting up the environment to begin an application penetration test. You will be able to configure the client and apply target whitelisting. You will also learn to set up and configure Android and iOS devices to work with Burp Suite. The book will explain how various features of Burp Suite can be used to detect various vulnerabilities as part of an application penetration test. Once detection is completed and the vulnerability is confirmed, you will be able to exploit a detected vulnerability using Burp Suite. The book also covers advanced concepts like writing extensions and macros for Burp Suite. Finally, you will discover various steps that are taken to identify the target, discover weaknesses in the authentication mechanism, and finally break the authentication implementation to gain access to the administrative console of the application.
By the end of this book, you will be able to effectively perform end-to-end penetration testing with Burp Suite.
What you will learn
- Set up Burp Suite and its configurations for an application penetration test
- Proxy application traffic from browsers and mobile devices to the server
- Discover and identify application security issues in various scenarios
- Exploit discovered vulnerabilities to execute commands
- Exploit discovered vulnerabilities to gain access to data in various datastores
- Write your own Burp Suite plugin and explore the Infiltrator module
- Write macros to automate tasks in Burp Suite
Who this book is for
If you are interested in learning how to test web applications and the web part of mobile applications using Burp, then this is the book for you. It is specifically designed to meet your needs if you have basic experience in using Burp and are now aiming to become a professional Burp user.
Table of contents
- Configuring Burp Suite
- Configuring the Client and Setting Up Mobile Devices
- Executing an Application Penetration Test
- Exploring the Stages of an Application Penetration Test
- Preparing for an Application Penetration Test
- Identifying Vulnerabilities Using Burp Suite
- Detecting Vulnerabilities Using Burp Suite
- Exploiting Vulnerabilities Using Burp Suite - Part 1
- Exploitation of Vulnerabilities using Burp Suite - Part 2
- Writing Burp Suite Extensions
- Breaking the authentication for a large online retailer
- Exploiting and exfiltrating data from a large shipping corporation