Web-based apps are ubiquitous. They are available for online retail, banking, enterprise applications, mobile, and Internet of Things (IoT) applications. Advancements in contemporary web applications and associated frameworks have transformed the creation, deployment, and maintenance of online applications, resulting in a very complex and diversified ecosystem. The developments in web apps have also drawn the attention of threat actors. This lesson will teach you to evaluate and leverage application-based vulnerabilities. The Chapter commences with a review of web applications and the OWASP Top 10 vulnerabilities. It additionally offers instructions on constructing your own web application activity. This chapter will provide insight into injection-based vulnerabilities. You will also get knowledge regarding methods by which threat actors attack vulnerabilities in authentication and authorization. Additionally, you will get knowledge of cross-site scripting (XSS) and cross-site request forgery (CSRF/XSRF) vulnerabilities and methods to exploit them. Ultimately, you will acquire knowledge regarding clickjacking and the methods by which threat actors exploit security misconfigurations, directory traversal vulnerabilities, insecure coding practices, and assaults on application programming interfaces (APIs).

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Exploiting Application–Based Vulnerabilities

  • Rajkumar Banoth,
  • Aruna Kranthi Godishala

摘要

Web-based apps are ubiquitous. They are available for online retail, banking, enterprise applications, mobile, and Internet of Things (IoT) applications. Advancements in contemporary web applications and associated frameworks have transformed the creation, deployment, and maintenance of online applications, resulting in a very complex and diversified ecosystem. The developments in web apps have also drawn the attention of threat actors. This lesson will teach you to evaluate and leverage application-based vulnerabilities. The Chapter commences with a review of web applications and the OWASP Top 10 vulnerabilities. It additionally offers instructions on constructing your own web application activity. This chapter will provide insight into injection-based vulnerabilities. You will also get knowledge regarding methods by which threat actors attack vulnerabilities in authentication and authorization. Additionally, you will get knowledge of cross-site scripting (XSS) and cross-site request forgery (CSRF/XSRF) vulnerabilities and methods to exploit them. Ultimately, you will acquire knowledge regarding clickjacking and the methods by which threat actors exploit security misconfigurations, directory traversal vulnerabilities, insecure coding practices, and assaults on application programming interfaces (APIs).