Introduction(2)
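Chapter 1: Formalizing Web Application Penetration Testing -
This chapter is a brief introduction to the world of penetration testing and tries to give a realistic view of the current situation. Beyond that, it tries to explain how to build a penetration testing team and make it as efficient as possible, and why writing your own tools and choosing the right tools matters.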
Chapter 2: Scanning With Class -
The second chapter focuses on helping you understand the difference between automated and manual scanning from the tester’s perspective. It will show you how to write custom scanning tools using Python.
This part of the book also contains chunks of Python code demonstrating how to write tools and design your own scanner.
Chapter 3: Payload Management -
This chapter focuses on explaining two things:
a) What a Web payload is from a security perspective,
b) Why it is important to obfuscate your payloads.
Chapter 4: Infiltrating Corporate Networks Using XXE -
This chapter focuses on explaining how to exploit and elevate an XML External Entity (XXE) Injection vulnerability. The main purpose of this chapter is not to show you how to exploit an XXE vulnerability, but to broaden your thinking on how you can combine multiple vulnerabilities to infiltrate your target, using an XXE vulnerability as an example.
Chapter 5: Phishing Like A Boss -
This chapter focuses on explaining how to perform phishing attacks using social engineering and Web vulnerabilities. The main purpose of this chapter is to help you broaden your thinking on how to combine multiple security issues to perform phishing attacks.