How to Attack and Defend Your Website
About this ebook
How to Attack and Defend Your Website is a concise introduction to web security that includes hands-on web hacking tutorials. The book has three primary objectives: to help readers develop a deep understanding of what is happening behind the scenes in a web application, with a focus on the HTTP protocol and other underlying web technologies; to teach readers how to use the industry standard in free web application vulnerability discovery and exploitation tools – most notably Burp Suite, a fully featured web application testing tool; and finally, to gain knowledge of finding and exploiting the most common web security vulnerabilities.
This book is for information security professionals and those looking to learn general penetration testing methodology and how to use the various phases of penetration testing to identify and exploit common web protocols.
How to Attack and Defend Your Website is the first book to combine the methodology behind using penetration testing tools such as Burp Suite and Damn Vulnerable Web Application (DVWA) with practical exercises that show readers how to pwn a site with SQLMap and how to use stored XSS to deface web pages – and therefore how to prevent both.
- Learn the basics of penetration testing so that you can test your own website's integrity and security
- Discover useful tools such as Burp Suite, DVWA, and SQLMap
- Gain a deeper understanding of how your website works and how best to protect it
Henry Dalziel
Henry Dalziel is a serial education entrepreneur, founder of Concise Ac Ltd, online cybersecurity blogger and e-book author. He writes for the Concise-Courses.com blog and has developed numerous cybersecurity continuing education courses and books. Concise Ac Ltd develops and distributes continuing education content [books and courses] for cybersecurity professionals seeking skill enhancement and career advancement. The company was recently accepted onto the UK Trade & Investment's (UKTI) Global Entrepreneur Programme (GEP).
How to Attack and Defend Your Website
Henry Dalziel
Table of Contents
Cover
Title page
Copyright
Author Biography
Contributing Editor Biography
Introduction
Chapter 1: Web Technologies
Abstract
1.1. Web servers
1.2. Client-side versus server-side programming languages
1.3. JavaScript – what is it?
1.4. What can JavaScript do?
1.5. What can JavaScript not do?
1.6. Databases
1.7. What about HTML?
1.8. Web technologies – putting it together
1.9. Digging deeper
1.10. Hypertext Transfer Protocol (HTTP)
1.11. Verbs
1.12. Special characters and encodings
1.13. Cookies, sessions, and authentication
1.14. Short exercise: Linux machine setup
1.15. Using the Burp Suite intercepting proxy
1.16. Why is the intercepting proxy important?
1.17. Short exercise – using the Burp Suite decoder
1.18. Short exercise – getting comfortable with HTTP and Burp Suite
1.19. Understanding the application
1.20. The Burp Suite site map
1.21. Discovering content and structures
1.22. Understanding an application
Chapter 2: Exploitation
Abstract
2.1. Bypassing client side controls
2.2. Bypassing client-side controls – example
2.3. Bypassing client-side controls – exercise solution
2.4. SQL injection
2.5. SQL injection
2.6. Short Exercise: Pwning with SQLMap
2.7. Cross-site scripting (XSS)
2.8. Stored cross-site scripting XSS
2.9. Short exercise: using stored XSS to deface a website
Chapter 3: Finding Vulnerabilities
Abstract
3.1. The basic process – steps
3.2. Exercise – finding vulnerabilities
Copyright
Syngress is an imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA
Copyright © 2015 Elsevier Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library
Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress
ISBN: 978-0-12-802732-5
For information on all Syngress publications visit our website at http://store.elsevier.com/
Author Biography
Henry Dalziel is a serial education entrepreneur, founder of Concise Ac Ltd, online cybersecurity blogger, and e-book author. He writes for the blog "Concise-Courses.com" and has developed numerous cybersecurity continuing education courses and books. Concise Ac Ltd develops and distributes continuing education content (books and courses) for cybersecurity professionals seeking skill enhancement and career