2

Toolset for Web Attacks and Exploitation

“The Analysts are required to know their tools, where the tools came from, how the tools work, and have them tested in a restricted test area before using the tools on the client organization.” Pete Herzog

Refer to Chapter 1 to get an idea of what it should look like [1].

Welcome to the second chapter, where we will prepare our means of attacking web applications, starting with our first Capture the Flag (CTF) exercise.

As we read in the opening epigraph, taken from the rules of engagement of the Open Source Security Testing Methodology Manual (OSSTMM), we need to know our tools and where they come from before using them in a production environment.

We can be caught up in euphoria or haste, so when doing an activity, we ...
