Web Application Advanced Hacking

A Hands-On Field Guide to the latest techniques used by security researchers and bug bounty hunters

What to expect from this book

See the brief descriptions of each chapter below to get a better understanding of what to expect from this book:

Chapter 1: Deserialization Attacks

This chapter provides an introductory background on how the famous deserialization attacks occur and how they are used in common contexts, with a focus on two major programming languages (PHP and Python).

Chapter 2: Type Juggling Attacks

In this chapter, we will discuss the logical origin of this famous PHP vulnerability and drill down into the details to better understand how it arises.

Chapter 3: NoSQL Databases

In this chapter, we will cover the basics of NoSQL databases and review the differences between traditional SQL syntax and NoSQL syntax. We’ll also look at common techniques used by attackers to hack applications powered by a NoSQL-based backend.

Chapter 4: API Hacking GraphQL

This chapter covers the fundamentals of GraphQL syntax and examines the vulnerabilities that attackers use to exfiltrate database data, along with the relevant techniques and methods.

Chapter 5: Misconfigured Cloud Storage

In this chapter, we will learn about the technology that major cloud storage providers use, and get familiar with OSINT tricks that may help us identify and evaluate the use of cloud storage for sensitive data.

Chapter 6: Server-Side Request Forgery

This chapter discusses the advanced usage of SSRF attacks using real-life scenarios, with deep insights from a bug bounty hunter’s perspective. In addition, we will explore the latest trick being used by security researchers, called Gopher SSRF.

Chapter 7: Application Logic

In this chapter, we will discuss how logical flaws can be exploited to abuse application business flows, using new and efficient techniques including DOM Clobbering and Mass Assignment, with specific examples that I have encountered in my engagements.

Chapter 8: Attacking JSON Web Token (JWT)

In this chapter, I cover the fundamentals of this lightweight web protocol, and discuss common uses and attacks using manual and automated tools. I break down the JWT attack surface to give you a better understanding of it.

Chapter 9: Attacking SAML Flows

This chapter discusses the SAML protocol, including its design and architecture, in a practical way, and explores the implications of bad implementations by analyzing a few practical cases from recent years.

Chapter 10: Attacking OAuth 2.0 Flows

This chapter analyzes the OAuth 2.0 protocol used by many major companies, including Facebook and Twitter. We will try to simplify its flow and spot the vulnerabilities that can occur if developers do not follow the standards of the OAuth 2.0 protocol.

About the Author

Maor Tal is a security researcher with more than seven years’ experience in various security and software fields. He works as a penetration tester for major global financial institutions and leading high-tech companies, helping them improve their cyber security posture. His core areas of expertise include web and mobile penetration testing, vulnerability analysis, and red-team engagements. He holds relevant penetration testing certifications such as OSCP and eCPPT. He loves to participate in Capture The Flag competitions, bug bounties, and security events, and to share his passion for penetration testing to help security professionals boost their skills and think outside the box.