CHAPTER 9

Web Application Attacks

In this chapter, you will learn about

•   OWASP (Open Web Application Security Project)

•   Command injection

•   Account harvesting

•   SQL injection

•   XSS (cross-site scripting)

•   CSRF (cross-site request forgery)

•   Tools like Nikto, ZAP, Burp Suite, WPScan, and sqlmap

As you have seen so far, an attacker may try to compromise your physical or infrastructure security to gain access to your devices. That means that if a host attacker can gain entry to your premises, he may take advantage of that to plug a cable into your network, socially engineer one of your employees, or find the server room and connect to one of your devices. When working over the network, reconnaissance and service scans ...

Get GCIH GIAC Certified Incident Handler All-in-One Exam Guide now with O’Reilly online learning.
