Celebrate the holidays with Apress Access for just $/£/€ 99!

Bug Bounty Hunting for Web Security

Find and Exploit Vulnerabilities in Web sites and Applications

Authors: Sinha, Sanjib

Download source code Free Preview
  • Shows how to earn Bounty by hunting bugs in web application
  •  
  • Explains how learning to find vulnerabilities in websites will help you become a better penetration tester
  •  
  • Covers the two most powerful security tools of penetration testing: Burp Suite and OWASP ZAP
see more benefits

Buy this book

eBook $24.99
price for USA (gross)
  • ISBN 978-1-4842-5391-5
  • Digitally watermarked, DRM-free
  • Included format: EPUB, PDF
  • ebooks can be used on all reading devices
  • Immediate eBook download after purchase
Softcover $32.99
price for USA
  • ISBN 978-1-4842-5390-8
  • Free shipping for individuals worldwide
  • Usually dispatched within 3 to 5 business days.
About this book

Start with the basics of bug hunting and learn more about implementing an offensive approach by finding vulnerabilities in web applications. Getting an introduction to Kali Linux, you will take a close look at the types of tools available to you and move on to set up your virtual lab. You will then discover how request forgery injection works on web pages and applications in a mission-critical setup. Moving on to the most challenging task for any web application, you will take a look at how cross-site scripting works and find out about effective ways to exploit it. 

 

You will then learn about header injection and URL redirection along with key tips to find vulnerabilities in them. Keeping in mind how attackers can deface your website, you will work with malicious files and automate your approach to defend against these attacks. Moving on to Sender Policy Framework (SPF), you will see tips to find vulnerabilities in it and exploit them. Following this, you will get to know how unintended XML injection and command injection work to keep attackers at bay. Finally, you will examine different attack vectors used to exploit HTML and SQL injection. Overall, Bug Bounty Hunting for Web Security will help you become a better penetration tester and at the same time it will teach you how to earn bounty by hunting bugs in web applications.

 

What You Will Learn

  • Implement an offensive approach to bug hunting
  • Create and manage request forgery on web pages
  • Poison Sender Policy Framework and exploit it
  • Defend against cross-site scripting (XSS) attacks 
  • Inject headers and test URL redirection
  • Work with malicious files and command injection
  • Resist strongly unintended XML attacks 

Who This Book Is For
White-hat hacking enthusiasts who are new to bug hunting and are interested in understanding the core concepts.

About the authors

Sanjib Sinha is an author and tech writer. Being a certified .NET Windows and web developer, he has specialized in Python security programming, Linux, and many programming languages that include C#, PHP, Python, Dart, Java, and JavaScript. Sanjib has also won Microsoft's Community Contributor Award in 2011 and he has written Beginning Ethical Hacking with Python, Beginning Ethical Hacking with Kali Linux, and two editions of Beginning Laravel for Apress.

Table of contents (10 chapters)

Table of contents (10 chapters)
  • Introduction to Hunting Bugs

    Pages 1-5

    Sinha, Sanjib

  • Setting Up Your Environment

    Pages 7-35

    Sinha, Sanjib

  • How to Inject Request Forgery

    Pages 37-55

    Sinha, Sanjib

  • How to Exploit Through Cross-Site Scripting (XSS)

    Pages 57-78

    Sinha, Sanjib

  • Header Injection and URL Redirection

    Pages 79-96

    Sinha, Sanjib

Buy this book

eBook $24.99
price for USA (gross)
  • ISBN 978-1-4842-5391-5
  • Digitally watermarked, DRM-free
  • Included format: EPUB, PDF
  • ebooks can be used on all reading devices
  • Immediate eBook download after purchase
Softcover $32.99
price for USA
  • ISBN 978-1-4842-5390-8
  • Free shipping for individuals worldwide
  • Usually dispatched within 3 to 5 business days.

Services for this book

Loading...

Bibliographic Information

Bibliographic Information
Book Title
Bug Bounty Hunting for Web Security
Book Subtitle
Find and Exploit Vulnerabilities in Web sites and Applications
Authors
Copyright
2019
Publisher
Apress
Copyright Holder
Sanjib Sinha
Distribution Rights
Standard Apress Distro
eBook ISBN
978-1-4842-5391-5
DOI
10.1007/978-1-4842-5391-5
Softcover ISBN
978-1-4842-5390-8
Edition Number
1
Number of Pages
XVI, 225
Number of Illustrations
140 b/w illustrations
Topics