Attacking and Exploiting Modern Web Applications: Discover the mindset, techniques, and tools to perform modern web attacks.

A comprehensive guide to effectively understand web attacks for web application security, featuring real-world bug bounty hunting techniques, CVEs, and CTFs. Purchase of the print or Kindle book includes a free PDF eBook.

Key Features:
Learn how to find vulnerabilities using source code, dynamic analysis, and decompiling binaries
Find and exploit vulnerabilities such as SQL Injection, XSS, Command Injection, RCE, and Reentrancy
Analyze real security incidents based on MITRE ATT&CK to understand the risk at the CISO level

Book Description:
Web attacks and exploits pose an ongoing threat to the interconnected world. This comprehensive book explores the latest challenges in web application security, providing you with an in-depth understanding of hackers' methods and the practical knowledge and skills needed to effectively understand web attacks. The book starts by emphasizing the importance of mindsets and toolsets in conducting successful web attacks. You'll then explore the methodologies and frameworks used in these attacks, and learn how to configure an environment using interception proxies, automate tasks with Bash and Python, and set up a research lab. As you advance through the book, you'll discover how to attack the SAML authentication layer; attack front-facing web applications by learning WordPress and SQL injection; and exploit vulnerabilities in IoT devices, such as command injection, by going through three CTFs and learning about the discovery of seven CVEs. Each chapter analyzes confirmed cases of exploitation mapped with MITRE ATT&CK. You'll also analyze attacks on Electron JavaScript-based applications, such as XSS and RCE, and the security challenges of auditing and exploiting Ethereum smart contracts written in Solidity. Finally, you'll find out how to disclose vulnerabilities. By the end of this book, you'll have enhanced your ability to find and exploit web vulnerabilities.

What You Will Learn:
Understand the mindset, methodologies, and toolset needed to carry out web attacks
Discover how SAML and SSO work and study their vulnerabilities
Get to grips with WordPress and learn how to exploit SQL injection
Find out how IoT devices work and exploit command injection
Familiarize yourself with Electron JavaScript-based applications and transform an XSS to an RCE
Discover how to audit Solidity's Ethereum smart contracts
Get the hang of decompiling, debugging, and instrumenting web applications

Who this book is for:
This book is for anyone whose job role involves ensuring their organization's security: penetration testers and red teamers who want to deepen their knowledge of the current security challenges for web applications; developers and DevOps professionals who want to get into the mindset of an attacker; and security managers and CISOs looking to truly understand the impact and risk of web, IoT, and smart contracts. Basic knowledge of web technologies and related protocols is a must.

Author(s): Simone Onofri, Donato Onofri
Edition: 1
Publisher: Packt Publishing
Year: 2023

Language: English
Pages: 338

Cover
Title Page
Copyright and Credits
Dedication
Foreword
Contributors
Table of Contents
Part 1: Attack Preparation
Chapter 1: Mindset and Methodologies
Approach and mindset
The approach
The process
The testing techniques
The baseline competencies
The mindset
Methodologies and frameworks
NIST SP 800-115
Penetration Testing Execution Standard (PTES)
OWASP's WSTG
ISECOM's OSSTMM
The recipe
Summary
Further reading
Chapter 2: Toolset for Web Attacks and Exploitation
Technical requirements
Operating systems and the tools of the trade
Operating system
Linux
Windows
macOS
Browser
Interception proxy
Python for automating web tasks
Virtualization and containerization systems
VirtualBox
Docker
Summary
Further reading
Part 2: Evergreen Attacks
Chapter 3: Attacking the Authentication Layer – a SAML Use Case
Technical requirements
Scenario files
The Doors of Durin SAML login scenario
How does SAML work and what are its vulnerabilities?
What is SAML?
Vulnerabilities on SAML
Other authentication methods used with HTTP
How to discover and exploit vulnerabilities in SAML
Installing SAML Raider
Verifying the typical flow – the happy case
Verifying whether it is possible to send information without signature
Verifying whether it is possible to use a self-signed certificate
Verifying whether it is possible to use XML Signature Wrapping (XSW)
Other attacks and vulnerabilities on SAML
Summary
Further reading
Chapter 4: Attacking Internet-Facing Web Applications – SQL Injection and Cross-Site Scripting (XSS) on WordPress
Technical requirements
Scenario files
WordPress scenario introduction
How does SQL injection work?
SQL injection types
SQL injection techniques
SQL injection impact
Other injection vulnerabilities
How to discover and exploit SQL injection vulnerabilities
Information gathering and threat modeling
Starting with Static Analysis
Finding interesting files
Analyzing interesting files
Moving to dynamic analysis
Finding the dynamic request
Analyzing the context
Verifying the SQL injection
Exploiting the SQL injection
Writing the exploit with Python
Other attacks and vulnerabilities on internet-facing web applications
The bonus XSS
Summary
Further reading
Chapter 5: Attacking IoT Devices – Command Injection and Path Traversal
Technical requirements
Physical device
Scenario files
IoT router exploitation scenario introduction
How to analyze IoT devices
IoT device analysis
Analyzing industrial control system devices
How to find and exploit vulnerabilities in IoT devices
Basic physical analysis
Firmware analysis
Web Application Analysis
Summary
Further reading
Part 3: Novel Attacks
Chapter 6: Attacking Electron JavaScript Applications – from Cross-Site Scripting (XSS) to Remote Command Execution (RCE)
Technical requirements
Scenario files
Electron JavaScript applications scenario introduction
How Electron JavaScript applications and XSS work
Understanding an Electron JavaScript application’s structure
Common vulnerabilities in Electron applications
How does XSS work?
How to find and exploit XSS in Electron JavaScript applications to obtain RCE
Downloading the source code and running the application
Extracting an Electron packaged application
Instrumenting our Electron JavaScript application
Looking into previous research
Starting the dynamic analysis process
Debugging the application
Analyzing the storage file to locate a potentially stored XSS
Analyzing the code to understand the neutralization function
Confirming the vulnerabilities dynamically
Weaponizing the XSS into an RCE
Other XSS sinks that we found
Other vulnerabilities
Summary
Further reading
Chapter 7: Attacking Ethereum Smart Contracts – Reentrancy, Weak Sources of Randomness, and Business Logic
Technical requirements
Scenario files
LicenseManager smart contract scenario
How smart contracts work on the Ethereum blockchain and security considerations
What are smart contracts in the Ethereum blockchain?
Ethereum blockchain and security
How to find and exploit vulnerabilities in Ethereum smart contracts
Installing Foundry
Auditing the LicenseManager smart contract
Analyzing the source code of the winLicense function
Compiling with “forge build” and analyzing the artifacts
Decompiling and disassembling the smart contract’s bytecode
Dynamic analysis with “forge test”
Exploiting weak sources of randomness from chain attributes
Exploiting business logic vulnerabilities
Exploiting reentrancy and analyzing the traces
Other vulnerabilities
Unleashing the power of Foundry and other tools
Summary
Further reading
Chapter 8: Continuing the Journey of Vulnerability Discovery
An approach to discovering vulnerabilities
Understanding what you are doing
Getting into the flow
The fellowship of the exploit
The dilemma of disclosing vulnerabilities
What we did while writing the book
Different perspectives
Disclosure for Chief Information Security Officers (CISOs)
Vulnerability disclosure today
What’s next?
Summary
Further reading
Index
Other Books You May Enjoy