Table of contents

Cover
Title Page
Copyright and Credits
Dedication
Foreword
Contributors
Table of Contents

Part 1: Attack Preparation

Chapter 1: Mindset and Methodologies
    Approach and mindset
        The approach
        The process
        The testing techniques
        The baseline competencies
        The mindset
    Methodologies and frameworks
        NIST SP 800-115
        Penetration Testing Execution Standard (PTES)
        OWASP's WSTG
        ISECOM's OSSTMM
        The recipe
    Summary
    Further reading

Chapter 2: Toolset for Web Attacks and Exploitation
    Technical requirements
    Operating systems and the tools of the trade
        Operating system
            Linux
            Windows
            macOS
        Browser
        Interception proxy
        Python for automating web tasks
    Virtualization and containerization systems
        VirtualBox
        Docker
    Summary
    Further reading

Part 2: Evergreen Attacks

Chapter 3: Attacking the Authentication Layer – a SAML Use Case
    Technical requirements
        Scenario files
    The Doors of Durin SAML login scenario
    How does SAML work and what are its vulnerabilities?
        What is SAML?
        Vulnerabilities on SAML
        Other authentication methods used with HTTP
    How to discover and exploit vulnerabilities in SAML
        Installing SAML Raider
        Verifying the typical flow – the happy case
        Verifying whether it is possible to send information without signature
        Verifying whether it is possible to use a self-signed certificate
        Verifying whether it is possible to use XML Signature Wrapping (XSW)
        Other attacks and vulnerabilities on SAML
    Summary
    Further reading

Chapter 4: Attacking Internet-Facing Web Applications – SQL Injection and Cross-Site Scripting (XSS) on WordPress
    Technical requirements
        Scenario files
    WordPress scenario introduction
    How does SQL injection work?
        SQL injection types
        SQL injection techniques
        SQL injection impact
        Other injection vulnerabilities
    How to discover and exploit SQL injection vulnerabilities
        Information gathering and threat modeling
        Starting with Static Analysis
            Finding interesting files
            Analyzing interesting files
        Moving to dynamic analysis
            Finding the dynamic request
            Analyzing the context
            Verifying the SQL injection
        Exploiting the SQL injection
            Writing the exploit with Python
        Other attacks and vulnerabilities on internet-facing web applications
            The bonus XSS
    Summary
    Further reading

Chapter 5: Attacking IoT Devices – Command Injection and Path Traversal
    Technical requirements
        Physical device
        Scenario files
    IoT router exploitation scenario introduction
    How to analyze IoT devices
        IoT device analysis
        Analyzing industrial control system devices
    How to find and exploit vulnerabilities in IoT devices
        Basic physical analysis
        Firmware analysis
        Web Application Analysis
    Summary
    Further reading

Part 3: Novel Attacks

Chapter 6: Attacking Electron JavaScript Applications – from Cross-Site Scripting (XSS) to Remote Command Execution (RCE)
    Technical requirements
        Scenario files
    Electron JavaScript applications scenario introduction
    How Electron JavaScript applications and XSS work
        Understanding an Electron JavaScript application’s structure
        Common vulnerabilities in Electron applications
        How does XSS work?
    How to find and exploit XSS in Electron JavaScript applications to obtain RCE
        Downloading the source code and running the application
        Extracting an Electron packaged application
        Instrumenting our Electron JavaScript application
        Looking into previous research
        Starting the dynamic analysis process
        Debugging the application
        Analyzing the storage file to locate a potentially stored XSS
        Analyzing the code to understand the neutralization function
        Confirming the vulnerabilities dynamically
        Weaponizing the XSS into an RCE
        Other XSS sinks that we found
        Other vulnerabilities
    Summary
    Further reading

Chapter 7: Attacking Ethereum Smart Contracts – Reentrancy, Weak Sources of Randomness, and Business Logic
    Technical requirements
        Scenario files
    LicenseManager smart contract scenario
    How smart contracts work on the Ethereum blockchain and security considerations
        What are smart contracts in the Ethereum blockchain?
        Ethereum blockchain and security
    How to find and exploit vulnerabilities in Ethereum smart contracts
        Installing Foundry
        Auditing the LicenseManager smart contract
            Analyzing the source code of the winLicense function
            Compiling with “forge build” and analyzing the artifacts
            Decompiling and disassembling the smart contract’s bytecode
            Dynamic analysis with “forge test”
        Exploiting weak sources of randomness from chain attributes
        Exploiting business logic vulnerabilities
        Exploiting reentrancy and analyzing the traces
        Other vulnerabilities
        Unleashing the power of Foundry and other tools
    Summary
    Further reading

Chapter 8: Continuing the Journey of Vulnerability Discovery
    An approach to discovering vulnerabilities
        Understanding what you are doing
        Getting into the flow
        The fellowship of the exploit
    The dilemma of disclosing vulnerabilities
        What we did while writing the book
        Different perspectives
        Disclosure for Chief Information Security Officers (CISOs)
        Vulnerability disclosure today
    What’s next?
    Summary
    Further reading

Index
Other Books You May Enjoy