CHAPTER 5

Web and Database Attacks

In this chapter, you will learn about

•   The OWASP Top Ten

•   Researching attack vectors for application-based attacks

•   Various types of application-based attacks

•   Completing various exercises to understand web testing tool behavior

During a pentest, you will likely come across some type of application or database server in your list of authorized targets. When you identify these targets, you’ll need to know how to choose the best attack vector, tools, and attacks to use. You’ll also need to know which mitigations work best. Remember, your value as a pentester is to help improve security with usable and effective report recommendations.

OWASP Top Ten

In Chapter 1, we learned about ...

Get CompTIA PenTest+ Certification All-in-One Exam Guide, Second Edition (Exam PT0-002), 2nd Edition now with the O’Reilly learning platform.
