Hands-on Penetration Testing for Web Applications: Run Web Security Testing on Modern Applications Using Nmap, Burp Suite and Wireshark (English Edition)

  • 3h 16m
  • Richa Gupta
  • BPB Publications
  • 2021

Hands-on Penetration Testing for Web Applications offers readers with knowledge and skillset to identify, exploit and control the security vulnerabilities present in commercial web applications including online banking, mobile payments and e-commerce applications.

We begin with exposure to modern application vulnerabilities present in web applications. You will learn and gradually practice the core concepts of penetration testing and OWASP Top Ten vulnerabilities including injection, broken authentication and access control, security misconfigurations and cross-site scripting (XSS). You will then gain advanced skillset by exploring the methodology of security testing and how to work around security testing as a true security professional. This book also brings cutting-edge coverage on exploiting and detecting vulnerabilities such as authentication flaws, session flaws, access control flaws, input validation flaws etc. You will discover an end-to-end implementation of tools such as nmap, burp suite, and wireshark. You will then learn to practice how to execute web application intrusion testing in automated testing tools and also to analyze vulnerabilities and threats present in the source codes.

By the end of this book, you will gain in-depth knowledge of web application testing framework and strong proficiency in exploring and building high secured web applications.

What you will learn

  • Complete overview of concepts of web penetration testing.
  • Learn to secure against OWASP TOP 10 web vulnerabilities.
  • Practice different techniques and signatures for identifying vulnerabilities in the source code of the web application.
  • Discover security flaws in your web application using most popular tools like nmap and wireshark.
  • Learn to respond modern automated cyber attacks with the help of expert-led tips and tricks.
  • Exposure to analysis of vulnerability codes, security automation tools and common security flaws.

Who this book is for

This book is for Penetration Testers, ethical hackers, and web application developers. People who are new to security testing will also find this book useful. Basic knowledge of HTML, JavaScript would be an added advantage.

About the Author

Richa Gupta is a Senior Security test engineer at Altran, where she is responsible for delivering Security Solutions to different financial, digital and retail verticals. Her 7 years of experience in the industry have been dominated by the technical aspects of application security, from the dual perspectives of a consulting and end-user implementation role. She has done attack-based security assessment and penetration testing. She has worked extensively with large-scale web application deployments in the Retail services industry. She has worked on many cloud solutions like AWS, Azure, GCP.

She is a certified penetration tester holding Certified Ethical Hacking (CEH) certification. LinkedIn profile: https://www.linkedin.com/in/richa-gupta-366b6274/

In this Book

  • Why Application Security
  • Web Application Technologies
  • Web Pentesting Methodology
  • Testing Authentication
  • Testing Session Management
  • Testing Secure Channels
  • Testing Secure Access Control
  • Testing Sensitive Data and Information Disclosure
  • Testing Secure Data Validation
  • Attacking Application Users: Other Techniques
  • Testing Configuration and Deployment
  • Automating Security Attacks
  • Penetration Testing Tools
  • Static Code Analysis
  • Mitigations and Core Defense Mechanisms
SHOW MORE
FREE ACCESS

YOU MIGHT ALSO LIKE

Rating 4.6 of 1111 users Rating 4.6 of 1111 users (1111)
Rating 4.6 of 30 users Rating 4.6 of 30 users (30)
Rating 5.0 of 4 users Rating 5.0 of 4 users (4)