Web hacking expert : full-stack exploitation mastery.

[First edition].

[Place of publication not identified] : Packt Publishing, [2022]

1 online resource (1 video file (4 hr., 48 min.)) : sound, color.

Access is available to the Yale community.

Online resource; title from title details screen (O'Reilly, viewed December 12, 2022).

Access restricted by licensing agreement.

Modern web applications are complex and it's all about full-stack nowadays. That's why you need to dive into full-stack exploitation if you want to master web attacks. There is no room for classical web application hacking to exploit modern full-stack web apps and therefore, modern-day exploit methods will be showcased here. In this course, it will be shown to you how hackers can bypass Content Security Policy (CSP) which is the most powerful defensive technology in modern web applications. Then during this course, it will also be demonstrated how web applications can be hacked through PDFs, images, and links. You will also learn how hackers can steal secrets from AngularJS applications, which are very popular these days. Before concluding the course, you will understand how to exploit race conditions in web applications and how serious the consequences of this attack can be. At the end of this course, you would have gained knowledge about other powerful, full-stack attacks on modern web applications such as HTTP parameter pollution, subdomain takeover, and clickjacking. What You Will Learn Dive into full-stack exploitation of modern web applications Learn how hackers can bypass Content Security Policy (CSP) Discover how web applications can be hacked through PDFs, images, and links Explore how hackers can steal secrets from AngularJS applications Check if your web applications are vulnerable to race condition attacks Learn about HTTP parameter pollution, subdomain takeover, and clickjacking Audience This course is ideal for all penetration testers, ethical hackers, bug hunters, and security engineers/consultants who want to enhance and refresh their knowledge of pentesting and hacking. As a prerequisite, an individual with basic to intermediate level knowledge of hacking along with familiarity with common web application vulnerabilities will get the most out of this course. There will not be a dedicated video for installation purposes. About The Author Dawid Czagan: Dawid Czagan is an internationally recognized security researcher and trainer. He is listed among the top hackers at HackerOne. Dawid Czagan has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter, and other companies. Due to the severity of many bugs, he received numerous awards for his findings. Dawid Czagan shares his security experience in his hands-on training at key industry conferences worldwide. He is the founder and CEO of Silesia Security Lab.

O'Reilly Safari. OCLC KB.

Images / Online / Video & Film

English

January 08, 2024