A comprehensive guide to effectively understand web attacks for web application security, featuring real-world bug bounty hunting techniques, CVEs, and CTFs. Purchase of the print or Kindle book includes a free PDF eBook.

Key Features:
- Learn how to find vulnerabilities using source code, dynamic analysis, and decompiling binaries
- Find and exploit vulnerabilities such as SQL Injection, XSS, Command Injection, RCE, and Reentrancy
- Analyze real security incidents based on MITRE ATT&CK to understand the risk at the CISO level

Book Description:
Web attacks and exploits pose an ongoing threat to the interconnected world. This comprehensive book explores the latest challenges in web application security, providing you with an in-depth understanding of hackers' methods and the practical knowledge and skills needed to effectively understand web attacks.

The book starts by emphasizing the importance of mindsets and toolsets in conducting successful web attacks. You'll then explore the methodologies and frameworks used in these attacks, and learn how to configure an environment using interception proxies, automate tasks with Bash and Python, and set up a research lab. As you advance through the book, you'll discover how to attack the SAML authentication layer; attack front-facing web applications by learning about WordPress and SQL injection; and exploit vulnerabilities in IoT devices, such as command injection, by working through three CTFs and learning about the discovery of seven CVEs. Each chapter analyzes confirmed cases of exploitation mapped to MITRE ATT&CK. You'll also analyze attacks on Electron JavaScript-based applications, such as XSS and RCE, and the security challenges of auditing and exploiting Ethereum smart contracts written in Solidity. Finally, you'll find out how to disclose vulnerabilities.

By the end of this book, you'll have enhanced your ability to find and exploit web vulnerabilities.
What You Will Learn:
- Understand the mindset, methodologies, and toolset needed to carry out web attacks
- Discover how SAML and SSO work and study their vulnerabilities
- Get to grips with WordPress and learn how to exploit SQL injection
- Find out how IoT devices work and exploit command injection
- Familiarize yourself with Electron JavaScript-based applications and transform an XSS into an RCE
- Discover how to audit Solidity Ethereum smart contracts
- Get the hang of decompiling, debugging, and instrumenting web applications

Who this book is for:
This book is for anyone whose job role involves ensuring their organization's security: penetration testers and red teamers who want to deepen their knowledge of the current security challenges for web applications; developers and DevOps professionals who want to get into the mindset of an attacker; and security managers and CISOs looking to truly understand the impact and risk of web, IoT, and smart contract attacks. Basic knowledge of web technologies, as well as related protocols, is a must.
Author(s): Simone Onofri, Donato Onofri
Edition: 1
Publisher: Packt Publishing
Year: 2023
Language: English
Pages: 338
Cover
Title Page
Copyright and Credit
Dedicated
Contributors
Table of Contents
Preface
Part 1: Persistence in Cloud Computing – Storing and Managing Data in Modern Software Architecture
Chapter 1: The History of Data Storage – From the Caves to the Cloud
Why do databases exist?
The challenges of handling data
Characteristics of Java persistence frameworks
The cloud’s effect on stateful solutions
Exploring the trade-offs of distributed database systems – a look into the CAP theorem and beyond
Summary
Chapter 2: Exploring the Multiple Database Flavors
A look back at relational databases
A deep dive into non-relational databases (NoSQL)
NoSQL database types – key-value
NoSQL database types – document
NoSQL database types – wide-column/column-family
NoSQL database types – graph
NewSQL databases – trying to get the best out of both worlds
Summary
Chapter 3: Exploring Architectural Strategies and Cloud Usage
The cloud’s influence on software architecture design
Design patterns – the essential building blocks for software architects
Monolithic architecture
Microservices architecture
Common pitfalls of microservices adoption
Cloud deployment strategies that favor modern stateful solutions
Why the hybrid and multi-cloud models matter
Distributed systems and their impact on data systems
Example – architecting a food delivery solution
The basic scenario
The challenges of integrating services around a central piece of data
Summary
Chapter 4: Design Patterns for Data Management in Cloud-Native Applications
Technical requirements
Design patterns applied to the Java persistence layer
Unstructured code
The data mapper pattern
The DAO pattern
Repository pattern boosted by DDD
The active record pattern
Navigating the Java mapping landscape – evaluating framework trade-offs
Data transfer between the view and underlying layers
Summary
Part 2: Jakarta EE, MicroProfile, Modern Persistence Technologies, and Their Trade-Offs
Chapter 5: Jakarta EE and JPA – State of Affairs
Technical requirements
Jakarta EE overview
Framework unveiled – reflection versus reflectionless solutions
JPA state of affairs
JPA and database mapping patterns
The power of JPA with Quarkus and Panache cloud-native runtimes
Setting up the new service
Persistent entities and database operations
Exposing REST endpoints for data manipulation
Even faster development speed – automatic endpoint generation
General JPA-related performance considerations
Summary
Chapter 6: NoSQL in Java Demystified – One API to Rule Them All
Technical requirements
Understanding NoSQL database trade-offs
Consuming NoSQL databases with JNoSQL
Key-value databases
Column databases
Document databases
Graph databases
Summary
Chapter 7: The Missing Guide for jOOQ Adoption
Technical requirements
Data-driven and object-oriented programming in Java
What is jOOQ?
Using jOOQ with Jakarta/MicroProfile
Summary
Chapter 8: Ultra-Fast In-Memory Persistence with Eclipse Store
Technical requirements
Object-relational impedance mismatch explained
In-memory persistence storage – Eclipse Store
The basics of how to store and manage data in memory
Using in-memory data storage with Jakarta EE and MicroProfile
Summary
Part 3: Architectural Perspective over Persistence
Chapter 9: Persistence Practices – Exploring Polyglot Persistence
Technical requirements
The trade-offs of polyglot persistence
Understanding DDD and Jakarta
Jakarta Data
Summary
Chapter 10: Architecting Distributed Systems – Challenges and Anti-Patterns
Data integration scales and distributed transactions
The dual-write anti-pattern
Microservices and shared databases
Eventual consistency problems
Summary
Chapter 11: Modernization Strategies and Data Integration
Application modernization strategies
Avoiding data storage-related anti-patterns and bad practices
Introduction to CDC pattern
Adopting cloud technologies and cloud services
Summary
Chapter 12: Final Considerations
The power of tests and leading with data-domain tests
Underestimating the importance of documentation
Architecture without architects
Summary
Further reading
Index
Other Books You May Enjoy
About Packt