دانلود کتاب تست نفوذ با جاوا، کتابچه راهنمای گام به گام تست نفوذ برای برنامه‌های جاوا

From childhood, I was fascinated by technology—taking apart electronics and teaching myself basic programming as a teenager. Inspired by Isaac Asimov’s R. Daneel Olivaw, I aimed to create an AI robot. In college, I focused on artificial intelligence and natural language understanding, pursuing a PhD in the field. However, a family illness forced me to leave the program and take a job at a company where I identified insecure practices like hardcoded passwords and bypassable security constraints, though my concerns were dismissed. While taking a grad school course, I met members of a Fortune 500 security team who encouraged my instincts. Soon after, I joined their team as a pentester, despite having no prior security experience, and developed a passion for testing web and mobile applications. After a few years, I returned to software engineering but remained deeply involved in security, integrating it into my work and pursuing certifications, conferences, and security culture initiatives. Recognizing the link between weak security practices and poor culture, I launched developer-focused initiatives like lunch-and-learns and later led my company’s PCI DSS-mandated secure coding class. This six-week labbased course, which I built around an intentionally insecure Java application, became the foundation for the web application section of this book. Similarly, the mobile application section originated from a conference presentation on vulnerable IoT devices and a related secure coding class. These experiences ultimately shaped the content and direction of this book. Chapter 1: Introduction: Java Security, Secure Coding, and Penetration Testing – Java Security and Pentesting discusses the basics of Java security, including the OWASP top 10, secure coding, secure design fundamentals, and pentesting introduction. Chapter 2: Reconnaissance and Mapping – Will discuss basic pentesting processes, including web application mapping and reconnaissance. Mapping involves using the system as a user and keeping a history for further exploration. Reconnaissance involves finding technologies and hidden data and content in a web application. Chapter 3: Hands-on with Web Proxies – Walks through the setup and usage of two popular tools for web application pentesting. Burp Suite has a free and professional version with different offerings. OWASP ZAP is a free tool. Both offer free web proxies. Chapter 4: Observability with SQL Injections – Examines various injection vulnerabilities, including a walkthrough of how to test for SQL injection showing how to use SQLmap. The cross-site scripting walkthrough discusses reflected, stored, and Dom XSS. Then testing for command injection, XML injection, and Xpath injection are discussed. Chapter 5: Misconfiguration with Default Values – Discusses misconfigurations and default configurations, including vulnerable JavaScript libraries and other known vulnerable components. This includes admin interfaces, default credentials, and debug and developer options. Chapter 6: CORS Exploitation – Discusses client-side code, including validations, storage, and CORs. It will walk through bypassing client-side validations and manipulating client-side storage. An in-depth look at CORs exploitation will follow, including POC code. Chapter 7: Exploring Vectors with DoS Attacks – Examines denial of service attack vectors, including excessive input processing, concurrency issues, wild card searches, resource exhaustion, and memory consumption. Attack walkthroughs and safeguards for protecting the environment will follow. Then XXE attack vector, which can cause a DOS, will be covered in depth. Chapter 8: Executing Business Logic Vulnerabilities – Will discuss the common types of business logic vulnerabilities, including arbitrary file uploads, sequential process flows, and specific application rules that can be bypassed. Chapter 9: Authentication Protocols – Discusses authentication, including vulnerable login, logout, password change, and forgot password. This chapter also examines username enumeration and brute force attacks, including an exploitation walkthrough using tools such as Burp Suite Intruder. Chapter 10: Session Management – It will do a walk-through of using the Burp Suite sequencer tool to test for guessable session IDs. It will manually exploit session fixation and session hijackings. As SPAs and APIs sometimes use JWTs to store the session information, the chapter will conclude with JWT vulnerabilities. Chapter 11: Authorization Practices – Will discuss authorization vulnerabilities, including missing function level access control, insecure direct object reference, privilege escalation, CSRF, and SSRF. Testing rolebased access control using the Burp Suite site map tool and Burp Suite extension autorize will be walked through. Chapter 12: Java Deserialization Vulnerabilities – Will go through manual Java deserialization vulnerability exploitation, which includes identifying, creating, and delivering the payload. Then, it will show how to use tools such as ysoserial, Metasploit, and Burp Suite to exploit these vulnerabilities. Chapter 13: Java Remote Method Invocation Vulnerabilities – Will describe Java RMI and how it allows Java objects to invoke methods on remote systems. Then it will provide a walkthrough of exploiting an insecure RMI implementation. This will show how to use this to execute remote code and gain unauthorized access. Chapter 14: Java Native Interface Vulnerabilities – Will describe JNI, which allows Java applications to be called by native applications or libraries. A walkthrough of an insecure JNI implementation will show how to corrupt memory and perform code execution. Chapter 15: Static Analysis of Java Android Applications – Will show how to decompile the apk file back into Java code using apktool, dex2jar and jd-gui. Then static code analysis can be used to find secrets, discover vulnerable activities, vulnerable receivers, misuse of shared preferences, and vulnerable local database usage. Chapter 16: Dynamic Analysis of Java Android Applications – Will show how to use an emulator to run an application in a controlled environment to test security scenarios, such as authentication, authorization and business logic. The main tools will be Android Emulator and ADB (Android Debug Bridge) to debug and exploit vulnerable intents, receivers and activities. Chapter 17: Network Analysis of Java Android Applications – Discussed how to use Burp Suite to proxy network requests from an Android application to identify all API calls and other data communications. Certificate pinning will be discussed, as well as ways to bypass it.