October 2025
Intermediate to advanced
372 pages
5h 56m
Japanese
Content preview from 実践 Webペネトレーションテスト ―攻撃者の視点で学ぶWebアプリケーションセキュリティ
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
1章Webペネトレーションテストラボの環境構築
本書で紹介するいくつかの攻撃は手元で検証できるようになっています。Webアプリケーションに対して実際に攻撃することで、より深い理解を得ることができるでしょう。
本書で登場するソースコードは、別途指定があるものを除いて、GitHub上で公開されています。
本書のラボ環境を用いたテストでは主に次のツールを用います。簡単に、ラボ環境の準備方法を説明します。
- Docker
- Burp Suite
なお、本章ではBurpやDockerのインストール手順は簡単に紹介しますが、gitやPythonをはじめとする基本的な開発ツールのインストール方法や使い方については原則として取り上げません。お使いのOSや環境に合わせて、公式ドキュメントを参考にしながら適宜インストールしたり、オプションを読み替えてください。また、特にバージョン指定がないツールについては、2025年6月時点で最新のバージョンを利用しています。
1.1 Dockerのインストール
動作環境の差異による問題を避けるため、本書ではDockerを利用します。
Windows、Mac、Linuxなど、お使いのOSに合わせてDockerをインストールしてください。インストール方法は基本的には公式サイト†1の手順に従うのがいいでしょう。
Windowsの場合、公式サイトからダウンロードする以外にもwingetコマンドを使ってインストールする方法もあります。
$ winget install ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.