Introduction
Who This Book Is For
This book is written to help hacking enthusiasts become better and standardize their hacking methodologies and techniques, so that they know clearly what to do, and why, when testing Web Applications.
This book will also be very helpful to the following professionals:
1. Web Application developers.
2. Professional Penetration Testers.
3. Web Application Security Analysts.
4. Information Security professionals.
5. Hiring Application Security Managers.
6. Managing Information Security Consultants.
How This Book Is Organised
Almost all chapters are written so that you do not need to read them sequentially to understand the concepts presented, although reading them in order is recommended.
The following section gives an overview of the book:
Chapter 1: Formalising Web Application Penetration Tests
This chapter is a gentle introduction to the world of penetration testing, and attempts to give a realistic view of the current landscape. More specifically, it attempts to provide information on how to compose a Penetration Testing team and make the team as efficient as possible, and on why writing tools and choosing the proper tools is important.