Ebook: Real-World Bug Hunting / A Field Guide to Web Hacking
Author: Peter Yaworski
- Genre: Computers // Security
- Tags: Security, Penetration Testing, Vulnerability Analysis, SQL Injection, XSS, Bug Bounty, XML External Entity, Open Redirect, HTTP Parameter Pollution, HTML Injection, Content Spoofing, Carriage Return Line Feed Injection, Template Injection, Server-Side Request Forgery, Remote Code Execution, Memory Vulnerabilities, Subdomain Takeover, Race Conditions, Insecure Direct Object Reference, OAuth Vulnerabilities, Vulnerability Report
- Year: 2019
- Publisher: No Starch Press
- City: San Francisco, CA
- Edition: 1
- Language: English
- pdf
Learn how people break websites and how you can, too.
Real-World Bug Hunting is the premier field guide to finding software bugs. Whether you're a cyber-security beginner who wants to make the internet safer or a seasoned developer who wants to write secure code, ethical hacker Peter Yaworski will show you how it's done.
You'll learn about the most common types of bugs like cross-site scripting, insecure direct object references, and server-side request forgery. Using real-life case studies of rewarded vulnerabilities from applications like Twitter, Facebook, Google, and Uber, you'll see how hackers manage to invoke race conditions while transferring money, use URL parameter to cause users to like unintended tweets, and more.
Each chapter introduces a vulnerability type accompanied by a series of actual reported bug bounties. The book's collection of tales from the field will teach you how attackers trick users into giving away their sensitive information and how sites may reveal their vulnerabilities to savvy users. You'll even learn how you could turn your challenging new hobby into a successful career. You'll learn:
• How the internet works and basic web hacking concepts
• How attackers compromise websites
• How to identify functionality commonly associated with vulnerabilities
• How to find bug bounty programs and submit effective vulnerability reports
Real-World Bug Hunting is a fascinating soup-to-nuts primer on web security vulnerabilities, filled with stories from the trenches and practical wisdom. With your new understanding of site security and weaknesses, you can help make the web a safer place--and profit while you're at it.
Real-World Bug Hunting is the premier field guide to finding software bugs. Whether you're a cyber-security beginner who wants to make the internet safer or a seasoned developer who wants to write secure code, ethical hacker Peter Yaworski will show you how it's done.
You'll learn about the most common types of bugs like cross-site scripting, insecure direct object references, and server-side request forgery. Using real-life case studies of rewarded vulnerabilities from applications like Twitter, Facebook, Google, and Uber, you'll see how hackers manage to invoke race conditions while transferring money, use URL parameter to cause users to like unintended tweets, and more.
Each chapter introduces a vulnerability type accompanied by a series of actual reported bug bounties. The book's collection of tales from the field will teach you how attackers trick users into giving away their sensitive information and how sites may reveal their vulnerabilities to savvy users. You'll even learn how you could turn your challenging new hobby into a successful career. You'll learn:
• How the internet works and basic web hacking concepts
• How attackers compromise websites
• How to identify functionality commonly associated with vulnerabilities
• How to find bug bounty programs and submit effective vulnerability reports
Real-World Bug Hunting is a fascinating soup-to-nuts primer on web security vulnerabilities, filled with stories from the trenches and practical wisdom. With your new understanding of site security and weaknesses, you can help make the web a safer place--and profit while you're at it.
Download the book Real-World Bug Hunting / A Field Guide to Web Hacking for free or read online
Continue reading on any device:
Last viewed books
Related books
{related-news}
Comments (0)