Some applications and packages have testing information that could provide access to a malicious user if it is active. For example, a common case is Oracle DBMS, which has a database with tables for testing purposes with a database administrator called tiger, for which the password is scott.
Testing information
by Riyaz Ahemed Walikar, Dhruv Shah, Carlos A. Lozano
Hands-On Application Penetration Testing with Burp Suite
- Title Page
- Copyright and Credits
- Contributors
- About Packt
- Preface
- Configuring Burp Suite
- Configuring the Client and Setting Up Mobile Devices
- Setting up Firefox to work with Burp Suite (HTTP and HTTPS)
- Setting up Chrome to work with Burp Suite (HTTP and HTTPS)
- Setting up Internet Explorer to work with Burp Suite (HTTP and HTTPS)
- Additional browser add-ons that can be used to manage proxy settings
- Setting system-wide proxy for non-proxy-aware clients
- Setting up Android to work with Burp Suite
- Setting up iOS to work with Burp Suite
- Summary
- Executing an Application Penetration Test
- Exploring the Stages of an Application Penetration Test
- Preparing for an Application Penetration Test
- Identifying Vulnerabilities Using Burp Suite
- Detecting Vulnerabilities Using Burp Suite
- Exploiting Vulnerabilities Using Burp Suite - Part 1
- Data exfiltration via a blind Boolean-based SQL injection
- Executing OS commands using an SQL injection
- Executing an out-of-band command injection
- Stealing session credentials using XSS
- Taking control of the user's browser using XSS
- Extracting server files using XXE vulnerabilities
- Performing out-of-data extraction using XXE and Burp Suite collaborator
- Exploiting SSTI vulnerabilities to execute server commands
- Summary
- Exploiting Vulnerabilities Using Burp Suite - Part 2
- Using SSRF/XSPA to perform internal port scans
- Using SSRF/XSPA to extract data from internal machines
- Extracting data using Insecure Direct Object Reference (IDOR) flaws
- Exploiting security misconfigurations
- Using insecure deserialization to execute OS commands
- Exploiting crypto vulnerabilities
- Brute forcing HTTP basic authentication
- Brute forcing forms
- Bypassing file upload restrictions
- Summary
- Writing Burp Suite Extensions
- Breaking the Authentication for a Large Online Retailer
- Exploiting and Exfiltrating Data from a Large Shipping Corporation
- Other Books You May Enjoy
Testing information
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.