Reader small image

You're reading from  Attacking and Exploiting Modern Web Applications

Product typeBook
Published inAug 2023
PublisherPackt
ISBN-139781801816298
Edition1st Edition
Concepts
Right arrow
Authors (2):
Simone Onofri
Simone Onofri
author image
Simone Onofri

Simone Onofri is a cybersecurity director with over two decades of experience in Red and Blue Teaming, vulnerability research, and product management. He has been an instructor at the Joint Intelligence and EW Training Centre and is associated with global companies such as HewlettPackard Enterprise. Simone has discovered various vulnerabilities and holds key certifications such as GXPN, GREM, GWAPT, OSCP, and OPSA. An active participant in organizations such as OWASP and ISECOM, he regularly speaks at major conferences, including TEDx. Simone is committed to inspiring and educating industry professionals and enthusiasts through his work, with a mission to create a positive influence.
Read more about Simone Onofri

Donato Onofri
Donato Onofri
author image
Donato Onofri

Donato Onofri is a seasoned Red Team engineer. He has over a decade of experience in activities including reverse engineering, Red Teaming, threat research, and penetration testing. Passionate about both the offensive and defensive sides of cybersecurity, Donato has worked with industry leaders such as CrowdStrike and Hewlett-Packard Enterprise and as an advisor and engineer for governments and financial institutions. His research delves into state-of-the-art security techniques, malware analysis, and internals. He holds the GREM, GXPN, OSCP, OSCE, and OSWE certifications, and his expertise is underscored by multiple recognitions for vulnerability discovery.
Read more about Donato Onofri

View More author details
Right arrow

Part 2: Evergreen Attacks

In the second part of this book, we will meticulously dissect “evergreen attacks,” walking through them step by step. We will focus on perennial vulnerabilities that, despite being well known, perpetually resurface in novel forms.

Practically, we will see a Capture the Flag (CTF) exercise that we prepared to understand SAML better. Then, we will see how we discovered two CVEs (SQL injection and Cross-Site Scripting) by reviewing the code of a WordPress plugin, and four CVEs (Command Injection and Path Traversal) on an IoT device by reversing some components.

This part has the following chapters:

  • Chapter 3, Attacking the Authentication Layer – a SAML Use Case
  • Chapter 4, Attacking Internet-Facing Web Applications – SQL Injection and Cross-Site Scripting (XSS) on WordPress
  • Chapter 5, Attacking IoT Devices – Command Injection and Path Traversal
...
lock icon
The rest of the chapter is locked
You have been reading a chapter from
Attacking and Exploiting Modern Web Applications
Published in: Aug 2023Publisher: PacktISBN-13: 9781801816298
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
undefined
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $15.99/month. Cancel anytime

Authors (2)

author image
Simone Onofri

Simone Onofri is a cybersecurity director with over two decades of experience in Red and Blue Teaming, vulnerability research, and product management. He has been an instructor at the Joint Intelligence and EW Training Centre and is associated with global companies such as HewlettPackard Enterprise. Simone has discovered various vulnerabilities and holds key certifications such as GXPN, GREM, GWAPT, OSCP, and OPSA. An active participant in organizations such as OWASP and ISECOM, he regularly speaks at major conferences, including TEDx. Simone is committed to inspiring and educating industry professionals and enthusiasts through his work, with a mission to create a positive influence.
Read more about Simone Onofri

author image
Donato Onofri

Donato Onofri is a seasoned Red Team engineer. He has over a decade of experience in activities including reverse engineering, Red Teaming, threat research, and penetration testing. Passionate about both the offensive and defensive sides of cybersecurity, Donato has worked with industry leaders such as CrowdStrike and Hewlett-Packard Enterprise and as an advisor and engineer for governments and financial institutions. His research delves into state-of-the-art security techniques, malware analysis, and internals. He holds the GREM, GXPN, OSCP, OSCE, and OSWE certifications, and his expertise is underscored by multiple recognitions for vulnerability discovery.
Read more about Donato Onofri