Zed Attack Proxy Cookbook: Hacking tactics, techniques, and procedures for testing web applications and APIs (Paperback)
暫譯: Zed Attack Proxy 食譜:測試網頁應用程式和 API 的駭客戰術、技術與程序 (平裝本)
Soper, Ryan, Torres, Nestor N., Almoailu, Ahmed
- 出版商: Packt Publishing
- 出版日期: 2023-03-10
- 售價: $1,640
- 貴賓價: 9.5 折 $1,558
- 語言: 英文
- 頁數: 284
- 裝訂: Quality Paper - also called trade paper
- ISBN: 1801817332
- ISBN-13: 9781801817332
-
相關分類:
駭客 Hack
立即出貨 (庫存=1)
買這商品的人也買了...
-
大話設計模式$620$527 -
Identity and Data Security for Web Development: Best Practices$1,292$1,224 -
Attacking Network Protocols|王牌駭客的網路攻防手法大公開 (Attacking Network Protocols: A Hacker's Guide to Capture, Analysis, and Exploitation)$480$408 -
領域驅動設計:軟體核心複雜度的解決方法 (Domain-Driven Design: Tackling Complexity in the Heart of Software)$680$530 -
重構|改善既有程式的設計, 2/e (繁中平裝版)(Refactoring: Improving The Design of Existing Code, 2/e)$800$632 -
Kali Linux 滲透測試工具|花小錢做資安,你也是防駭高手, 3/e$880$748 -
$1,782Web Application Security: Exploitation and Countermeasures for Modern Web Applications -
$301Web 安全漏洞原理及實戰 -
神之手:動畫大神 加加美高浩的繪手神技$550$495 -
零信任網路|在不受信任的網路中建構安全系統 (Zero Trust Networks)$480$379 -
重新認識 Vue.js:008天絕對看不完的 Vue.js 3 指南$600$468 -
生活資安五四三!:從生活周遭看風險與資訊安全(iT邦幫忙鐵人賽系列書)$500$390 -
Windows APT Warfare:惡意程式前線戰術指南$600$468 -
不只是工程師才要懂的 App 資訊安全:取得資安檢測合格證書血淚史(iT邦幫忙鐵人賽系列書)$600$468 -
網路時代人人要學的資安基礎必修課 (How Cybersecurity Really Works)$480$379 -
$356Metasploit Web 滲透測試實戰 -
Web API 設計原則|API 與微服務傳遞價值之道 (Principles of Web API Design: Delivering Value with APIs and Microservices)$520$410 -
Cybersecurity Threats, Malware Trends, and Strategies : Discover risk mitigation strategies for modern threats to your organization, 2/e (Paperback)$1,710$1,625 -
駭客就在你旁邊:內網安全攻防滲透你死我活, 2/e$880$695 -
快速學會 Python 架站技術:活用 Django 4 建構動態網站的 16堂課$780$608 -
$764隱私保護計算實戰
商品描述
Dive into security testing and web app scanning with ZAP, a powerful OWASP security tool
Purchase of the print or Kindle book includes a free PDF eBook
Key Features
• Master ZAP to protect your systems from different cyber attacks
• Learn cybersecurity best practices using this step-by-step guide packed with practical examples
• Implement advanced testing techniques, such as XXE attacks and Java deserialization, on web applications
Book Description
Maintaining your cybersecurity posture in the ever-changing, fast-paced security landscape requires constant attention and advancements. This book will help you safeguard your organization using the free and open source OWASP Zed Attack Proxy (ZAP) tool, which allows you to test for vulnerabilities and exploits with the same functionality as a licensed tool.
Zed Attack Proxy Cookbook contains a vast array of practical recipes to help you set up, configure, and use ZAP to protect your vital systems from various adversaries. If you're interested in cybersecurity or working as a cybersecurity professional, this book will help you master ZAP.
You'll start with an overview of ZAP and understand how to set up a basic lab environment for hands-on activities over the course of the book. As you progress, you'll go through a myriad of step-by-step recipes detailing various types of exploits and vulnerabilities in web applications, along with advanced techniques such as Java deserialization.
By the end of this ZAP book, you'll be able to install and deploy ZAP, conduct basic to advanced web application penetration attacks, use the tool for API testing, deploy an integrated BOAST server, and build ZAP into a continuous integration and continuous delivery (CI/CD) pipeline.
What you will learn
• Install ZAP on different operating systems or environments
• Explore how to crawl, passively scan, and actively scan web apps
• Discover authentication and authorization exploits
• Conduct client-side testing by examining business logic flaws
• Use the BOAST server to conduct out-of-band attacks
• Understand the integration of ZAP into the final stages of a CI/CD pipeline
Who this book is for
This book is for cybersecurity professionals, ethical hackers, application security engineers, DevSecOps engineers, students interested in web security, cybersecurity enthusiasts, and anyone from the open source cybersecurity community looking to gain expertise in ZAP. Familiarity with basic cybersecurity concepts will be helpful to get the most out of this book.
商品描述(中文翻譯)
深入了解安全測試和網頁應用程式掃描,使用 ZAP 這個強大的 OWASP 安全工具
購買印刷版或 Kindle 版書籍可獲得免費 PDF 電子書
主要特點
• 精通 ZAP 以保護您的系統免受各種網路攻擊
• 使用這本包含實用範例的逐步指南學習網路安全最佳實踐
• 在網頁應用程式上實施進階測試技術,例如 XXE 攻擊和 Java 反序列化
書籍描述
在不斷變化、快速發展的安全環境中維持您的網路安全姿態需要持續的關注和進步。本書將幫助您使用免費且開源的 OWASP Zed Attack Proxy (ZAP) 工具來保護您的組織,該工具允許您測試漏洞和利用,具備與授權工具相同的功能。
Zed Attack Proxy Cookbook 包含大量實用的食譜,幫助您設置、配置和使用 ZAP 來保護您的重要系統免受各種對手的攻擊。如果您對網路安全感興趣或作為網路安全專業人員工作,本書將幫助您精通 ZAP。
您將從 ZAP 的概述開始,了解如何設置基本的實驗室環境,以便在本書的過程中進行實作活動。隨著進展,您將通過各種逐步食譜,詳細了解網頁應用程式中的各類利用和漏洞,以及進階技術,例如 Java 反序列化。
在本 ZAP 書籍結束時,您將能夠安裝和部署 ZAP,進行從基本到進階的網頁應用程式滲透攻擊,使用該工具進行 API 測試,部署集成的 BOAST 伺服器,並將 ZAP 建立到持續集成和持續交付 (CI/CD) 流程中。
您將學到的內容
• 在不同的操作系統或環境中安裝 ZAP
• 探索如何爬行、被動掃描和主動掃描網頁應用程式
• 發現身份驗證和授權漏洞
• 通過檢查業務邏輯缺陷進行客戶端測試
• 使用 BOAST 伺服器進行帶外攻擊
• 了解 ZAP 如何整合到 CI/CD 流程的最終階段
本書適合誰
本書適合網路安全專業人員、道德駭客、應用安全工程師、DevSecOps 工程師、對網頁安全感興趣的學生、網路安全愛好者,以及任何希望在 ZAP 中獲得專業知識的開源網路安全社群成員。熟悉基本的網路安全概念將有助於您充分利用本書。
目錄大綱
1. Getting Started with OWASP Zed Attack Proxy
2. Navigating the UI
3. Configuring, Crawling, Scanning, and Reporting
4. Authentication and Authorization Testing
5. Testing of Session Management
6. Validating (Data) Inputs - Part 1
7. Validating (Data) Inputs - Part 2
8. Business Logic Testing
9. Client-Side Testing
10 Advanced Attack Techniques
11. Advanced Adventures with ZAP
目錄大綱(中文翻譯)
1. Getting Started with OWASP Zed Attack Proxy
2. Navigating the UI
3. Configuring, Crawling, Scanning, and Reporting
4. Authentication and Authorization Testing
5. Testing of Session Management
6. Validating (Data) Inputs - Part 1
7. Validating (Data) Inputs - Part 2
8. Business Logic Testing
9. Client-Side Testing
10 Advanced Attack Techniques
11. Advanced Adventures with ZAP
