Black Hat GraphQL

Release : 2023-05-23
Genre : Computers

Black Hat GraphQL, written by Nick Aleks, was released on 2023-05-23 and is available in PDF, EPUB and Kindle. Written by hackers for hackers, this hands-on book teaches penetration testers how to identify vulnerabilities in apps that use GraphQL, a data query and manipulation language for APIs adopted by major companies like Facebook and GitHub. Black Hat GraphQL is for anyone interested in learning how to break and protect GraphQL APIs with the aid of offensive security testing. Whether you’re a penetration tester, security analyst, or software engineer, you’ll learn how to attack GraphQL APIs, develop hardening procedures, build automated security testing into your development pipeline, and validate controls, all with no prior exposure to GraphQL required. Following an introduction to core concepts, you’ll build your lab, explore the difference between GraphQL and REST APIs, run your first query, and learn how to create custom queries. You’ll also learn how to:

• Use data collection and target mapping to learn about targets
• Defend APIs against denial-of-service attacks and exploit insecure configurations in GraphQL servers to gather information on hardened targets
• Impersonate users and take admin-level actions on a remote server
• Uncover injection-based vulnerabilities in servers, databases, and client browsers
• Exploit cross-site and server-side request forgery vulnerabilities, as well as cross-site WebSocket hijacking, to force a server to request sensitive information on your behalf
• Dissect vulnerability disclosure reports and review exploit code to reveal how vulnerabilities have impacted large companies

This comprehensive resource provides everything you need to defend GraphQL APIs and build secure applications. Think of it as your umbrella in a lightning storm.

Black Hat Go

Release : 2020-02-04
Genre : Computers

Black Hat Go, written by Tom Steele, was released on 2020-02-04 and is available in PDF, EPUB and Kindle. Like the best-selling Black Hat Python, Black Hat Go explores the darker side of the popular Go programming language. This collection of short scripts will help you test your systems, build and automate tools to fit your needs, and improve your offensive security skillset. Black Hat Go explores the darker side of Go, the popular programming language revered by hackers for its simplicity, efficiency, and reliability. It provides an arsenal of practical tactics from the perspective of security practitioners and hackers to help you test your systems, build and automate tools to fit your needs, and improve your offensive security skillset, all using the power of Go. You'll begin your journey with a basic overview of Go's syntax and philosophy and then start to explore examples that you can leverage for tool development, including common network protocols like HTTP, DNS, and SMB. You'll then dig into various tactics and problems that penetration testers encounter, addressing things like data pilfering, packet sniffing, and exploit development. You'll create dynamic, pluggable tools before diving into cryptography, attacking Microsoft Windows, and implementing steganography.

You'll learn how to:

• Make performant tools that can be used for your own security projects
• Create usable tools that interact with remote APIs
• Scrape arbitrary HTML data
• Use Go's standard package, net/http, for building HTTP servers
• Write your own DNS server and proxy
• Use DNS tunneling to establish a C2 channel out of a restrictive network
• Create a vulnerability fuzzer to discover an application's security weaknesses
• Use plug-ins and extensions to future-proof products
• Build an RC2 symmetric-key brute-forcer
• Implant data within a Portable Network Graphics (PNG) image

Are you ready to add to your arsenal of security tools? Then let's Go!

Black Hat Bash

Release : 2024-10-01
Genre : Computers

Black Hat Bash, written by Nick Aleks, was released on 2024-10-01 and is available in PDF, EPUB and Kindle. Master the art of offensive bash scripting. This highly practical hands-on guide covers chaining commands together, automating tasks, crafting living-off-the-land attacks, and more! Bash is one of the first building blocks that expert penetration testers learn. But every hacker, regardless of experience level, should know their way around a bash shell—its powerful scripting language lets you scale your attacks and write your own tools when others aren’t available. Black Hat Bash will teach you how to harness this essential pentesting skill set through hands-on exercises that use bash scripting to chain commands together, automate critical tasks, craft successful living-off-the-land attacks, and more. Early chapters cover the bash scripting language’s syntax and help you set up a lab environment to test your newfound bash abilities during all stages of the penetration testing process. You’ll soon be automating reconnaissance tasks, performing OS command injection, parsing tool output to extract important information, and maneuvering a restricted network using bash techniques that make your offensive engagements more efficient. This book makes bash easy to learn. And, with its focus on presenting bash in the context of pentesting, you’ll not only learn the language but you’ll also pick up lots of hacking tricks that allow you to use bash right away as your go-to offensive security tool.

Hacking APIs

Release : 2022-07-05
Genre : Computers

Hacking APIs, written by Corey J. Ball, was released on 2022-07-05 and is available in PDF, EPUB and Kindle. Hacking APIs is a crash course on web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure. You’ll learn how REST and GraphQL APIs work in the wild and set up a streamlined API testing lab with Burp Suite and Postman. Then you’ll master tools useful for reconnaissance, endpoint analysis, and fuzzing, such as Kiterunner and OWASP Amass. Next, you’ll learn to perform common attacks, like those targeting an API’s authentication mechanisms and the injection vulnerabilities commonly found in web applications. You’ll also learn techniques for bypassing protections against these attacks. In the book’s nine guided labs, which target intentionally vulnerable APIs, you’ll practice:

• Enumerating API users and endpoints using fuzzing techniques
• Using Postman to discover an excessive data exposure vulnerability
• Performing a JSON Web Token attack against an API authentication process
• Combining multiple API attack techniques to perform a NoSQL injection
• Attacking a GraphQL API to uncover a broken object level authorization vulnerability

By the end of the book, you’ll be prepared to uncover those high-payout API bugs other hackers aren’t finding and improve the security of applications on the web.