Нашли опечатку? Выделите ее мышкой и нажмите Ctrl+Enter
Название: Professional Pen Testing for Web Applications
Автор: Andreu A.
Аннотация:
What the Book Covers: The first two chapters of the book reviews the basics of web applications and their protocols, especially authentication aspects, as a launching pad for understanding the inherent security vulnerabilities, covered later in the book. Immediately after this coverage, The author gets right down to basics of information security, covering vulnerability analysis, attack simulation, and results analysis, focusing the reader on the "outcomes" aspects needed for successful pen testing. The author schools the reader on how to present findings to internal and external critical stakeholders, and then moves on to remediation or hardening of the code and applications, rather than the servers (often covered in other books).
Real World Web Solutions: The culmination is Chapter 9, the build out of a personal pen testing lab, replete with a baseline list of products, with installation guidance:
* Linux - Fedora
* VMWare
* Apache
* MySQL
* PHP
* Perl
* JBoss
* OpenLDAP
* OpenSSL
* OpenSSH
* Windows (with IIS installed)
Each one of these products will have its respective installation covered as part of this book. Where appropriate we will also go into the configuration of the product. This is in preparation for the honeypot applications we will be installed as well, consisting of
* WebGoat
* Hacme