CHAPTER 9

Web Application Attacks

In this chapter, you will learn about

•   OWASP (Open Web Application Security Project)

•   Command injection

•   Account harvesting

•   SQL injection

•   XSS (cross-site scripting)

•   CSRF (cross-site request forgery)

•   Tools like Nikto, ZAP, Burp Suite, WPScan, and sqlmap

As you have seen so far, an attacker may try to compromise your physical or infrastructure security to gain access to your devices. An attacker who gains entry to your premises will take advantage of it, perhaps by plugging a cable into your network, socially engineering one of your employees, or finding the server room and connecting directly to one of your devices. When working over the network, reconnaissance and service scans ...

Excerpt from GCIH GIAC Certified Incident Handler All-in-One Exam Guide (O'Reilly learning platform).
