web_for_pentester.pdf (2463 KB)
WEB FOR PENTESTER
By Louis Nyffenegger <Louis@PentesterLab.com>
PentesterLab.com » Web for Pentester
Table of Content

(Page numbers refer to the PDF, 108 pages.)

Table of Content ... 2
Introduction ... 6
About this exercise ... 7
License ... 7
Syntax of this course ... 7
The web application ... 8
The Web ... 11
Security model of the web ... 11
Web security risks ... 11
Web technologies ... 12
Architecture ... 12
Client side technologies ... 13
Server side technologies ... 13
Storage backend ... 14
The HTTP protocol ... 15
A Client-server dialog ... 15
Requests ... 16
Methods ... 17
Parameters ... 17
HTTP Headers ... 21
Responses ... 23
HTTPs ... 25
Listening to HTTP traffic ... 26
Generating HTTP traffic ... 27
Data encoding ... 28
Code vs. data ... 28
URL encoding ... 28
Double encoding ... 30
HTML encoding ... 31
Cookies and sessions ... 32
HTTP authentication ... 35
Web services ... 36
Web application security ... 37
Client Side Security ... 37
Bypassing Client Side Checks ... 41
Server side ... 44
Fingerprinting ... 46
Fingerprinting the web server ... 46
Browsing the web site ... 48
Check for favicon.ico ... 50
Check the robots.txt file ... 50
Searching for directories and pages ... 53
Directory/Pages busting ... 53
Finding administration pages ... 54
Generating errors ... 54
Keep information ... 56
Building useful tools ... 58
Examples of Web vulnerabilities ... 60
Cross-Site Scripting (XSS) ... 62
  Example 1 ... 65
  Example 2 ... 66
  Example 3 ... 66
  Example 4 ... 66
  Example 5 ... 67
  Example 6 ... 68
  Example 7 ... 69
  Example 8 ... 69
  Example 9 ... 70
SQL injections ... 71
  Example 1 ... 72
  Example 2 ... 75
  Example 3 ... 75
  Example 4 ... 76
  Example 5 ... 77
  Example 6 ... 78
  Example 7 ... 78
  Example 8 ... 79
  Example 9 ... 80
Directory traversal ... 81
  Example 1 ... 83
  Example 2 ... 84
  Example 3 ... 84
File include ... 84
  Example 1 ... 85
  Example 2 ... 87
Code injection ... 88
  Example 1 ... 89
  Example 2 ... 91
  Example 3 ... 93
  Example 4 ... 94
Command injection ... 95
  Example 1 ... 96
  Example 2 ... 96
  Example 3 ... 96
LDAP attacks ... 97
  Example 1 ... 98
  Example 2 ... 98
Upload ... 101
  Example 1 ... 102
  Example 2 ... 102
XML related attacks ... 103
  Example 1 ... 104
  Example 2 ... 105
Conclusion ... 108