book

Practical Web Penetration Testing

by Gus Khawaja

June 2018

Intermediate to advanced

294 pages

7h 5m

English

Packt Publishing

Read now

Unlock full access

Contents

Content preview from Practical Web Penetration Testing

Tampering – integrity

Threat Description	Threat action that mainly aims to alter the data at rest or in transit.
Threat Target	The site data.
Attacker Steps	An attacker can do the following for this type of threat: Can manipulate data through an SQL injection Attack / XSS Attack An internal attacker can manipulate data by accessing the database directly without having the right privilege An attacker can intercept the communication and alter it
Counter-Measure	The admin console for WordPress is only accessible through the intranet The database will not be accessible directly by a DB admin (only accessible through WordPress) Communication is only accessible through TLS
Existing Counter-Measure	N/A - it's a ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

You might also like

Hands-On Web Penetration Testing with Metasploit

Hands-On Web Penetration Testing with Metasploit

Harpreet Singh, Himanshu Sharma

Advanced Infrastructure Penetration Testing

Advanced Infrastructure Penetration Testing

Chiheb Chebbi

Mastering Modern Web Penetration Testing

Mastering Modern Web Penetration Testing

Prakhar Prasad

Penetration Testing

Penetration Testing

Georgia Weidman

Publisher Resources

ISBN: 9781788624039Supplemental Content