文件名称:Learning Python Web Penetration Testing 1st
文件大小:8.98MB
文件格式:PDF
更新时间:2021-07-21 04:15:09
web 渗透测试 python 网络安全
Leverage the simplicity of Python and available libraries to build web security testing tools for your application Key Features Understand the web application penetration testing methodology and toolkit using Python Write a web crawler/spider with the Scrapy library Detect and exploit SQL injection vulnerabilities by creating a script all by yourself Book Description Web penetration testing is the use of tools and code to attack a website or web app in order to assess its vulnerability to external threats. While there are an increasing number of sophisticated, ready-made tools to scan systems for vulnerabilities, the use of Python allows you to write system-specific scripts, or alter and extend existing testing tools to find, exploit, and record as many security weaknesses as possible. Learning Python Web Penetration Testing will walk you through the web application penetration testing methodology, showing you how to write your own tools with Python for each activity throughout the process. The book begins by emphasizing the importance of knowing how to write your own tools with Python for web application penetration testing. You will then learn to interact with a web application using Python, understand the anatomy of an HTTP request, URL, headers and message body, and later create a script to perform a request, and interpret the response and its headers. As you make your way through the book, you will write a web crawler using Python and the Scrappy library. The book will also help you to develop a tool to perform brute force attacks in different parts of the web application. You will then discover more on detecting and exploiting SQL injection vulnerabilities. By the end of this book, you will have successfully created an HTTP proxy based on the mitmproxy tool. What you will learn Interact with a web application using the Python and Requests libraries Create a basic web application crawler and make it recursive Develop a brute force tool to discover and enumerate resources such as files and directories Explore different authentication methods commonly used in web applications Enumerate table names from a database using SQL injection Understand the web application penetration testing methodology and toolkit Who this book is for Learning Python Web Penetration Testing is for web developers who want to step into the world of web application security testing. Basic knowledge of Python is necessary. Table of Contents Introduction to Web Application Penetration Testing Interacting with Web Applications Web Crawling with Scrapy – Mapping the Application Discovering resources Password Testing Detecting and Exploiting SQL Injection Vulnerabilities Intercepting HTTP Requests 利用Python和可用库的简单性为您的应用程序构建Web安全测试工具 主要特征 使用Python了解Web应用程序渗透测试方法和工具包 使用Scrapy库编写Web爬虫/蜘蛛 通过自己创建脚本来检测和利用SQL注入漏洞 书说明 Web渗透测试是使用工具和代码来攻击网站或Web应用程序,以评估其对外部威胁的脆弱性。虽然有越来越多用于扫描系统漏洞的复杂的现成工具,但Python的使用允许您编写特定于系统的脚本,或者更改和扩展现有的测试工具,以查找,利用和记录尽可能多的安全漏洞尽可能。学习Python Web渗透测试将引导您完成Web应用程序渗透测试方法,向您展示如何使用Python为整个过程中的每个活动编写自己的工具。本书首先强调了解如何使用Python编写自己的工具以进行Web应用程序渗透测试的重要性。然后,您将学习使用Python与Web应用程序进行交互,了解HTTP请求,URL,标题和消息正文的解剖结构,然后创建一个脚本来执行请求,并解释响应及其标题。当您完成本书时,您将使用Python和Scrappy库编写Web爬虫。本书还将帮助您开发一种工具,在Web应用程序的不同部分执行暴力攻击。然后,您将发现有关检测和利用SQL注入漏洞的更多信息。到本书结束时,您将基于mitmproxy工具成功创建HTTP代理。本书还将帮助您开发一种工具,在Web应用程序的不同部分执行暴力攻击。然后,您将发现有关检测和利用SQL注入漏洞的更多信息。到本书结束时,您将基于mitmproxy工具成功创建HTTP代理。本书还将帮助您开发一种工具,在Web应用程序的不同部分执行暴力攻击。然后,您将发现有关检测和利用SQL注入漏洞的更多信息。到本书结束时,您将基于mitmproxy工具成功创建HTTP代理。 你会学到什么 使用Python和Requests库与Web应用程序交互 创建一个基本的Web应用程序爬虫并使其递归 开发一个强力工具来发现和枚举文件和目录等资源 探索Web应用程序中常用的不同身份验证方法 使用SQL注入从数据库枚举表名 了解Web应用程序渗透测试方法和工具包 这本书的用途是谁 学习Python Web渗透测试适用于希望进入Web应用程序安全测试领域的Web开发人员。Python的基础知识是必要的。 目录 Web应用程序渗透测试简介 与Web应用程序交互 Web Scrawling with Scrapy - 映射应用程序 发现资源 密码测试 检测和利用SQL注入漏洞 拦截HTTP请求