Hands-on Penetration Testing for Web Applications: Run Web Security Testing on Modern Applications Using Nmap, Burp Suite and Wireshark Paperback – 29 March 2021

Learn how to build an end-to-end Web application security testing framework Description Hands-on Penetration Testing for Web Applications offers readers with knowledge and skillset to identify, exploit and control the security vulnerabilities present in commercial web applications including online banking, mobile payments and e-commerce applications. We begin with exposure to modern application vulnerabilities present in web applications. You will learn and gradually practice the core concepts of penetration testing and OWASP Top Ten vulnerabilities including injection, broken authentication and access control, security misconfigurations and cross-site scripting (XSS). What you will learn Complete overview of concepts of web penetration testing. Learn to secure against OWASP TOP 10 web vulnerabilities. Discover security flaws in your web application using most popular tools like nmap and wireshark. Learn to respond modern automated cyber attacks with the help of expert-led tips and tricks. Who this book is for This book is for Penetration Testers, ethical hackers, and web application developers. People who are new to security testing will also find this book useful. Basic knowledge of HTML, JavaScript would be an added advantage. Table of Contents 1. Why Application Security? 2. Modern application Vulnerabilities 3. Web Pentesting Methodology 4. Testing Authentication 5. Testing Session Management 6. Testing Secure Channels 7. Testing Secure Access Control 8. Sensitive Data and Information disclosure 9. Testing Secure Data validation 10. Attacking Application Users: Other Techniques 11. Testing Configuration and Deployment 12. Automating Custom Attacks 13. Pentesting Tools 14. Static Code Analysis 15. Mitigations and Core Defense Mechanisms