Ethical Hacker's Penetration Testing Guide: Vulnerability Assessment and Attack Simulation on Web, Mobile, Network Services and Wireless Networks (Eng
暫譯: 道德駭客滲透測試指南:網頁、行動裝置、網路服務及無線網路的漏洞評估與攻擊模擬
Rakshit, Samir Kumar
- 出版商: Bpb Publications
- 出版日期: 2022-06-23
- 售價: $1,390
- 貴賓價: 9.5 折 $1,321
- 語言: 英文
- 頁數: 474
- 裝訂: Quality Paper - also called trade paper
- ISBN: 9355512155
- ISBN-13: 9789355512154
-
相關分類:
Penetration-test、Wireless-networks、駭客 Hack
海外代購書籍(需單獨結帳)
相關主題
商品描述
Discover security posture, vulnerabilities, and blind spots ahead of the threat actor
KEY FEATURES
● Includes illustrations and real-world examples of pentesting web applications, REST APIs, thick clients, mobile applications, and wireless networks.
● Covers numerous techniques such as Fuzzing (FFuF), Dynamic Scanning, Secure Code Review, and bypass testing.
● Practical application of Nmap, Metasploit, SQLmap, OWASP ZAP, Wireshark, and Kali Linux.
DESCRIPTION
The 'Ethical Hacker's Penetration Testing Guide' is a hands-on guide that will take you from the fundamentals of pen testing to advanced security testing techniques. This book extensively uses popular pen testing tools such as Nmap, Burp Suite, Metasploit, SQLmap, OWASP ZAP, and Kali Linux.
A detailed analysis of pentesting strategies for discovering OWASP top 10 vulnerabilities, such as cross-site scripting (XSS), SQL Injection, XXE, file upload vulnerabilities, etc., are explained. It provides a hands-on demonstration of pentest approaches for thick client applications, mobile applications (Android), network services, and wireless networks. Other techniques such as Fuzzing, Dynamic Scanning (DAST), and so on are also demonstrated. Security logging, harmful activity monitoring, and pentesting for sensitive data are also included in the book. The book also covers web security automation with the help of writing effective python scripts.
Through a series of live demonstrations and real-world use cases, you will learn how to break applications to expose security flaws, detect the vulnerability, and exploit it appropriately. Throughout the book, you will learn how to identify security risks, as well as a few modern cybersecurity approaches and popular pentesting tools.
WHAT YOU WILL LEARN
● Expose the OWASP top ten vulnerabilities, fuzzing, and dynamic scanning.
● Get well versed with various pentesting tools for web, mobile, and wireless pentesting.
● Investigate hidden vulnerabilities to safeguard critical data and application components.
● Implement security logging, application monitoring, and secure coding.
WHO THIS BOOK IS FOR
This book is intended for pen testers, ethical hackers, security analysts, cyber professionals, security consultants, and anybody interested in learning about penetration testing, tools, and methodologies. Knowing concepts of penetration testing is preferable but not required.
商品描述(中文翻譯)
發現安全態勢、漏洞和盲點,提前了解威脅行為者
主要特點
● 包含針對網頁應用程式、REST API、厚客戶端、行動應用程式和無線網路的滲透測試插圖和實際案例。
● 涵蓋多種技術,如模糊測試 (Fuzzing, FFuF)、動態掃描 (Dynamic Scanning)、安全代碼審查 (Secure Code Review) 和繞過測試 (bypass testing)。
● 實際應用 Nmap、Metasploit、SQLmap、OWASP ZAP、Wireshark 和 Kali Linux。
描述
《道德駭客的滲透測試指南》是一本實用指南,將帶您從滲透測試的基本原理進入高級安全測試技術。本書廣泛使用流行的滲透測試工具,如 Nmap、Burp Suite、Metasploit、SQLmap、OWASP ZAP 和 Kali Linux。
詳細分析了發現 OWASP 前十名漏洞的滲透測試策略,例如跨站腳本 (XSS)、SQL 注入、XXE、檔案上傳漏洞等。提供了針對厚客戶端應用程式、行動應用程式 (Android)、網路服務和無線網路的滲透測試方法的實作示範。還展示了其他技術,如模糊測試、動態掃描 (DAST) 等。書中還包括安全日誌記錄、有害活動監控和針對敏感數據的滲透測試。本書還涵蓋了利用撰寫有效的 Python 腳本進行網頁安全自動化。
透過一系列現場示範和實際案例,您將學會如何攻破應用程式以揭露安全缺陷、檢測漏洞並適當利用它。在整本書中,您將學會如何識別安全風險,以及一些現代網路安全方法和流行的滲透測試工具。
您將學到什麼
● 揭露 OWASP 前十名漏洞、模糊測試和動態掃描。
● 熟悉各種針對網頁、行動和無線滲透測試的工具。
● 調查隱藏的漏洞以保護關鍵數據和應用程式組件。
● 實施安全日誌記錄、應用程式監控和安全編碼。
本書適合誰閱讀
本書適合滲透測試人員、道德駭客、安全分析師、網路專業人士、安全顧問以及任何對滲透測試、工具和方法論感興趣的人。了解滲透測試的概念是可取的,但不是必需的。
