10 Advanced Attack Techniques

Welcome to Chapter 10, Advanced Attack Techniques. In this chapter, we will cover some advanced attacks, such as XML external entity (XXE) attacks and Java deserialization, where we will explain and demonstrate exploiting these vulnerabilities on the testing applications. We will also have fun brute-forcing the password change on one of the applications, conducting web cache poisoning, and working with JSON Web Tokens.

In this chapter, we will cover the following recipes:

Performing XXE attacks
Working with JSON Web Tokens
Performing Java deserialization attacks
Password brute-force via password change
Web cache poisoning

Technical requirements

For this chapter, you need to utilize a common browser such as Mozilla ...

Get Zed Attack Proxy Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Zed Attack Proxy Cookbook by Ryan Soper, Nestor N Torres, Ahmed Almoailu

10

Advanced Attack Techniques

Technical requirements

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly