Detailed walkthroughs of how to discover, test, and document common web application vulnerabilities.
Key Features
Learn how to test for common bugs
Discover tools and methods for hacking ethically
Practice working through pentesting engagements step-by-step
Book Description
Bug bounties have quickly become a critical part of the security economy. This book shows you how technical professionals with an interest in security can begin productively—and profitably—participating in bug bounty programs.
You will learn about SQLi, NoSQLi, XSS, XXE, and other forms of code injection. You’ll see how to create CSRF PoC HTML snippets, how to discover hidden content (and what to do with it once it’s found), and how to create the tools for automated pentesting workflows.
Then, you’ll format all of this information within the context of a bug report that will have the greatest chance of earning you cash.
With detailed walkthroughs that cover discovering, testing, and reporting vulnerabilities, this book is ideal for aspiring security professionals. You should come away from this work with the skills you need to not only find the bugs you're looking for, but also the best bug bounty programs to participate in, and how to grow your skills moving forward in freelance security research.
What you will learn
Choose what bug bounty programs to engage in
Understand how to minimize your legal liability and hunt for bugs ethically
See how to take notes that will make compiling your submission report easier
Know how to take an XSS vulnerability from discovery to verification, and report submission
Automate CSRF PoC generation with Python
Leverage Burp Suite for CSRF detection
Use WP Scan and other tools to find vulnerabilities in WordPress, Django, and Ruby on Rails applications
Write your report in a way that will earn you the maximum amount of money
Who this book is for
This book is written for developers, hobbyists, pentesters, and anyone with an interest (and a little experience) in web application security.
Joseph Marshall is a web application developer and freelance writer with credits from The Atlantic, Kirkus Review, and the SXSW film blog. He also enjoys moonlighting as a freelance security researcher, working with third-party vulnerability marketplaces such as Bugcrowd and HackerOne. His background and education include expertise in development, nonfiction writing, linguistics, and instruction/teaching. He lives in Austin, TX.
Page count: 250
Copyright © 2018 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author(s), nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Commissioning Editor: Gebin George
Acquisition Editor: Shweta Pant
Content Development Editor: Sharon Raj
Technical Editor: Prashant Chaudhari
Copy Editor: Safis Editing
Project Coordinator: Drashti Panchal
Proofreader: Safis Editing
Indexer: Pratik Shirodkar
Graphics: Tom Scaria
Production Coordinator: Arvindkumar Gupta
First published: September 2018
Production reference: 1070918
Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK.
ISBN 978-1-78934-420-2
www.packtpub.com
Mapt is an online digital library that gives you full access to over 5,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.
Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals
Improve your learning with Skill Plans built especially for you
Get a free eBook or video every month
Mapt is fully searchable
Copy and paste, print, and bookmark content
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.Packt.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.
At www.Packt.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.
Sachin Wagh is a young information security researcher from India. His core area of expertise includes penetration testing, vulnerability analysis, and exploit development. He has found security vulnerabilities in Google, Tesla Motors, LastPass, Microsoft, F-Secure, and other companies. Due to the severity of many bugs discovered, he has received numerous awards for his findings. He has participated in several security conferences as a speaker, such as Hack In Paris, Infosecurity Europe, and HAKON.
I would specially like to thank Shweta Pant and Drashti Panchal for offering me this opportunity. I would also like to thank my family and close friends for supporting me.
Himanshu Sharma has already achieved fame for finding security loopholes and vulnerabilities in Apple, Google, Microsoft, Facebook, Adobe, Uber, and many more, with hall of fame listings as proof. He has helped celebrities such as Harbhajan Singh, and also assisted an international singer in tracking down his hacked account and recovering it. He was a speaker at the international conferences Botconf 2013 and CONFidence 2018. He has also spoken at IEEE conferences in California and Malaysia, as well as for TEDx. Currently, he is the cofounder of BugsBounty, a crowd-sourced security platform for ethical hackers and companies interested in cyber services. He has also authored a book titled Kali Linux - An Ethical Hacker's Cookbook.
If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.
This book is designed to give interested coders (part-time, professional, and otherwise) the skills they need to start participating in public bug bounty programs, covering both general pentesting subjects, such as scoping your testing sessions appropriately, and bounty-specific security topics, such as how to format your bug submission report to ensure the best chance of earning a reward.
As the need for security audits on the public web grows, crowdsourced solutions are becoming more popular. This book aims to give you everything you need to participate in those programs—walking you through important topics with a mix of theory and direct, hands-on examples.
This book is written for developers, hobbyists, pentesters, and anyone with an interest (and maybe a little experience) in web application security and public bug bounty programs.
Chapter 1, Joining the Hunt, introduces the concept of bug bounties, their value to companies, and the most common types of programs. It also sets up expectations for what the reader should know going into the book.
Chapter 2, Choosing Your Hunting Ground, explains how to evaluate individual bug bounty programs and whether to participate in them. It covers factors such as payouts, community engagement, terms of engagement, and the quality of the participating company.
Chapter 3, Preparing for an Engagement, explains how to prepare for a pentesting engagement, from how to standardize the reconnaissance process, to understanding the application’s attack surface, to the importance of good note taking and, later, preparing submission reports.
Chapter 4, Unsanitized Data – An XSS Case Study, describes how and where to find XSS vulnerabilities - a variety of code injection that represents one of the most common web application vulnerabilities today.
Chapter 5, SQL, Code Injection and Scanners, describes the different varieties of code injection attacks and how to safely test for them, covering different types of injection, such as blind or error-based injection.
Chapter 6, CSRF and Insecure Session Authentication, discusses vulnerabilities related to insecure session authentication, focusing on CSRF and how to create a CSRF PoC to test for them.
Chapter 7, Detecting XML External Entities (XXE), focuses on XML External Entity vulnerability detection and related XML injection techniques that can work in conjunction with XXE.
Chapter 8, Access Control and Security Through Obscurity, goes over how to find hidden information/data leaks in web applications and how to discern what data is important (and will win you an award) from what’s not. It covers different types of sensitive data and gives you examples from the field.
Chapter 9, Framework and Application-Specific Vulnerabilities, covers approaching a pentesting engagement from the perspective of testing for application/framework-specific vulnerabilities, focusing on general Known Common Vulnerabilities and Exposures (CVEs), as well as methods for testing WordPress, Rails, and Django apps, including strategies, tools, tips, and tricks.
Chapter 10, Formatting Your Report, goes over how to compose a bug report to receive the maximum payout, drawing on examples and information from earlier vulnerability-specific chapters and providing examples (with commentary) on the finer considerations of your submission.
Chapter 11, Other Tools, goes over other tools not covered in the course of the vulnerability examples and how to vet new ones. It also explains how to evaluate free versus paid products and jumping off points for pentesting regimens that focus on bugs not detailed extensively in the work (for example, weak WAF rules/network gaps).
Chapter 12, Other (Out-of-Scope) Vulnerabilities, goes over other vulnerabilities not covered in the course of the book and why they don’t command payouts in most bug bounty programs.
Chapter 13, Going Further, explains where the reader can turn to for more information about participating in bug bounty programs - running through courses and resources for continuing to develop your security acumen. It also features a dictionary of pentesting/security terms to clearly define the way the book employs certain terminology.
To get the full experience following through the exercises, you should have a basic background in web application development - understanding the general patterns that power the modern web at a high level (for example, server-client, cookies as authentication, HTTP as a stateless protocol) as well as being comfortable with basic web technologies such as HTML/CSS, JavaScript, the browser, TCP/IP, and others. Having some penetration testing experience is helpful, but not strictly required. We also make regular use of the command line in this work, but there are often GUI-related workarounds.
If you have gaps in any of the above topics, I encourage you to still give the book a try. Additional resources, illustrative examples, and links to outside pentesting resources are designed to provide more context if you're stumped on any particular section.
You can download the example code files for this book from your account at www.packt.com. If you purchased this book elsewhere, you can visit www.packt.com/support and register to have the files emailed directly to you.
You can download the code files by following these steps:
1. Log in or register at www.packtpub.com.
2. Select the SUPPORT tab.
3. Click on Code Downloads & Errata.
4. Enter the name of the book in the Search box and follow the onscreen instructions.
Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:
WinRAR/7-Zip for Windows
Zipeg/iZip/UnRarX for Mac
7-Zip/PeaZip for Linux
The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Hands-On-Bug-Hunting-for-Penetration-Testers. In case there's an update to the code, it will be updated on the existing GitHub repository.
We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!
Feedback from our readers is always welcome.
General feedback: Email [email protected] and mention the book title in the subject of your message. If you have questions about any aspect of this book, please email us at [email protected].
Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packt.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.
Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.
If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.
Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!
For more information about Packt, please visit packt.com.
This book is designed to give you the practical experience necessary to take an interest in security and turn it into a fun, profitable pursuit.
The goal is that, by focusing on real submission reports, you'll get a better feel for where and how to discover vulnerabilities in the wild, and by following along at home, pentesting real sites (as well as deliberately-vulnerable web apps), you'll get invaluable hands-on experience. Sometimes the best way to learn is to get a smattering of theory and then just jump right in.
This chapter will focus on what you'll learn, how you'll learn it, and how to generally get the most out of this work. It will cover the following:
The benefits of bug bounty programs
What your pentesting background should be before coming into this book
Setting up your environment and the tools to know
Your next steps
No software is required for this chapter, though we will cover tools that will be used later on in the examples.
You can find the short code snippet referenced in the last section on OWASP's XSS Filter Evasion Cheat Sheet: https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet.
This book assumes a familiarity with both web application engineering and the basics of web application security. Any experience with the frontend technologies that will provide the interface and context for many of your discoveries is an asset, including a basic understanding of HTML/CSS/JS, and the DOM; the client-server relationship, session management (cookies, TTL, and so on); and the browser environment. In addition, a general acquaintance with the RESTful API architecture, popular application frameworks and languages (Django/Python, RoR/Ruby, and so on), common application security techniques, and common vulnerabilities, will all be handy. You might be a full-time security researcher, a moonlighting web application engineer, or even just a programming enthusiast with a light background and a historical interest in security – you'll all find something useful within these pages. If you're just beginning, that's OK too – working through the step-by-step walk-through in later chapters will help you develop as a security researcher; you just might need to fill in the gaps with outside context.
In addition to these topics, it's assumed you'll also have experience using the command line. While many great graphical tools exist for conducting and visualizing penetration testing engagements, and we'll use many of them, the CLI is an invaluable tool for everything from package management, to real-time pentesting execution, to automation. And while many of the tools used will have a compatible Windows counterpart, the actual engagements will be conducted (for the most part) on a 2015-generation MacBook Pro running High Sierra (10.13.2). If you are working on a Windows PC, you can still participate by using a virtual machine or emulation software.
All of the tools we'll use in this book will be free – you shouldn't need to purchase anything outside of this work to recreate the walk-throughs. In the survey of other security software not used directly in our engagements in Chapter 12, Other Tools, there will be a discussion of other technologies (paid and free) you can leverage for extra functionality.
Here's a brief overview of some of the technologies we will be using:
Burp Suite is a versatile program that can intercept web traffic (Burp Proxy), trigger application information submission (Burp Intruder), scan input against malicious code snippets (Burp Scanner), and – with the possibilities offered by extensions – a multitude of other things. We'll go over both using the native Burp functionality as well as how to incorporate simple extensions. Some of the paid functionalities, such as Burp Scan, will only receive an overview, in favor of focusing on the features available in the free version.