Bypassing Web Application Firewall eBook Preview.pdf

TEAM

Editor-in-Chief: Joanna Kretowicz (joanna.kretowicz@eforensicsmag.com)
Editors: Marta Sienicka (sienicka.marta@hakin9.org), Marta Strzelec (marta.strzelec@hakin9.org), Anna Kondzierska (anna.kondzierska@hakin9.org)
Proofreader: Lee McKenzie
Senior Consultant/Publisher: Paweł Marciniak
CEO: Joanna Kretowicz (joanna.kretowicz@hakin9.org)
Marketing Director: Joanna Kretowicz (joanna.kretowicz@hakin9.org)
DTP: Marta Sienicka (sienicka.marta@hakin9.org)
Cover Design: Hiep Nguyen Duc
Publisher: Hakin9 Media Sp. z o.o., ul. Postępu 17D, 02-676 Warszawa
Phone: 1 917 338 3631
www.hakin9.org
All trademarks, trade names, or logos mentioned or used are the
property of their respective owners.
The techniques described in our articles may only be used in private,
local networks. The editors hold no responsibility for misuse of the
presented techniques or consequent data loss.
TABLE OF CONTENTS

About this eBook

Module 1
  Introduction: WAFs, WAF Bypassing and Techniques
  Web Servers and WAF Placement
  WAF Operating Modes
  WAF Filter Rules
  WAF Fingerprinting
  Automating WAF Fingerprinting with Burp, Nmap and wafw00f
    WAF Fingerprinting with Burp Suite
    WAF Fingerprinting with Nmap
    WAF Fingerprinting with WAFW00F
  WAF Bypassing
    Typical Bypass Flow
  Path Parameters Exploitation
  Support Material
Module 2
  HTTP Parameter Pollution & Encoding Techniques
    HTTP Parameter Pollution – HPP
    Encoding Techniques
  Bypassing WAF with SQL Injection
    SQL Injection
    Blind SQL Injection
    WAF Filter Rules Bypass with SQL Injection
    PHPIDS - PHP Intrusion Detection System
    Mod_Security
    HPP Exploitation with SQL Injection
    HTTP Parameter Fragmentation – HPF
    Bypassing WAFs with SQL Injection Normalization
    Buffer Overflow + SQL Injection = Bypass WAF
    WAF Bypass with SQL Injection Examples
Module 3
  WAF Bypassing with XSS
    Cross Site Scripting – XSS
    XSS Syntax
    Reflected Cross Site
    Stored Cross-site Scripting
    Example XSS Attacks
    HPP and HPF
    External Script Execution
    Attack with Event Handlers
  XSS Attacks with BeEF & XSS Attacks and WAF Bypass with XSSer
    XSS Attacks with BeEF
    XSS Attacks and WAF Bypass with XSSer
  Path Traversal
  Remote and Local File Inclusion
Module 4
  Securing WAF and Conclusion
    DOM Based XSS
    Bypassing Blacklists with JavaScript
    Automating WAF Bypassing
    Bypassing WAF Practical Examples
  Conclusion