Burp Suite Cookbook: Practical recipes to help you master web penetration testing with Burp Suite

Sunny Wear

  • 出版商: Packt Publishing
  • 出版日期: 2018-09-27
  • 售價: $1,980
  • 貴賓價: 9.5$1,881
  • 語言: 英文
  • 頁數: 358
  • 裝訂: Paperback
  • ISBN: 178953173X
  • ISBN-13: 9781789531732
  • 相關分類: Penetration-test
  • 海外代購書籍(需單獨結帳)

買這商品的人也買了...

相關主題

商品描述

Get hands-on experience in using Burp Suite to execute attacks and perform web assessments

Key Features

  • Explore the tools in Burp Suite to meet your web infrastructure security demands
  • Configure Burp to fine-tune the suite of tools specific to the target
  • Use Burp extensions to assist with different technologies commonly found in application stacks

Book Description

Burp Suite is a Java-based platform for testing the security of your web applications, and has been adopted widely by professional enterprise testers.

The Burp Suite Cookbook contains recipes to tackle challenges in determining and exploring vulnerabilities in web applications. You will learn how to uncover security flaws with various test cases for complex environments. After you have configured Burp for your environment, you will use Burp tools such as Spider, Scanner, Intruder, Repeater, and Decoder, among others, to resolve specific problems faced by pentesters. You will also explore working with various modes of Burp and then perform operations on the web. Toward the end, you will cover recipes that target specific test scenarios and resolve them using best practices.

By the end of the book, you will be up and running with deploying Burp for securing web applications.

What you will learn

  • Configure Burp Suite for your web applications
  • Perform authentication, authorization, business logic, and data validation testing
  • Explore session management and client-side testing
  • Understand unrestricted file uploads and server-side request forgery
  • Execute XML external entity attacks with Burp
  • Perform remote code execution with Burp

Who this book is for

If you are a security professional, web pentester, or software developer who wants to adopt Burp Suite for applications security, this book is for you.

Table of Contents

  1. Getting Started with Burp Suite
  2. Getting to Know the Burp Suite of Tools
  3. Configuring, Spidering, Scanning, and Reporting with Burp
  4. Assessing Authentication Schemes
  5. Assessing Authorization Checks
  6. Assessing Session Management Mechanisms
  7. Assessing Business Logic
  8. Evaluating Input Validation Checks
  9. Attacking the Client
  10. Working with Burp Macros and Extensions
  11. Implementing Advanced Topic Attacks

商品描述(中文翻譯)

使用Burp Suite進行攻擊和網站評估的實踐經驗

主要特點



  • 探索Burp Suite中的工具,以滿足您的網絡基礎設施安全需求

  • 配置Burp以微調特定於目標的工具套件

  • 使用Burp擴展來協助處理常見於應用程式堆疊中的不同技術

書籍描述


Burp Suite是一個基於Java的平台,用於測試您的網絡應用程式的安全性,並且已被專業企業測試人員廣泛採用。


《Burp Suite Cookbook》提供了解決網絡應用程式中漏洞和探索漏洞的方法。您將學習如何使用各種測試案例來發現安全漏洞,並解決複雜環境中的問題。在為您的環境配置Burp之後,您將使用Burp工具,如Spider、Scanner、Intruder、Repeater和Decoder等,解決測試人員面臨的具體問題。您還將探索使用Burp的各種模式並在網絡上執行操作。最後,您將使用最佳實踐解決特定測試場景的問題。


通過本書,您將能夠使用Burp來保護網絡應用程式。

您將學到什麼



  • 為您的網絡應用程式配置Burp Suite

  • 執行身份驗證、授權、業務邏輯和數據驗證測試

  • 探索會話管理和客戶端測試

  • 了解無限制的文件上傳和伺服器端請求偽造

  • 使用Burp執行XML外部實體攻擊

  • 使用Burp執行遠程代碼執行

本書適合對象


如果您是安全專業人員、網絡測試人員或軟體開發人員,並希望在應用程式安全方面採用Burp Suite,那麼本書適合您。

目錄



  1. 開始使用Burp Suite

  2. 了解Burp Suite的工具

  3. 配置、爬蟲、掃描和報告使用Burp

  4. 評估身份驗證方案

  5. 評估授權檢查

  6. 評估會話管理機制

  7. 評估業務邏輯

  8. 評估輸入驗證檢查

  9. 攻擊客戶端

  10. 使用Burp宏和擴展

  11. 實施高級主題攻擊