Richa Gupta - Hands-on Penetration Testing for Web Applications

My father

Richa Gupta is a Senior Security test engineer at Altran, where she is responsible for delivering Security Solutions to different financial, digital and retail verticals. Her 7 years of experience in the industry have been dominated by the technical aspects of application security, from the dual perspectives of a consulting and end-user implementation role. She has done attack-based security assessment and penetration testing. She has worked extensively with large-scale web application deployments in the Retail services industry. She has worked on many cloud solutions like AWS, Azure, GCP.

She is a certified penetration tester holding Certified Ethical Hacking (CEH) certification.

Your LinkedIn Profile:

https://www.linkedin.com/in/richa-gupta-366b6274/

Sachin Chadha has 13+ years of experience in the Information Security domain. He specializes in vulnerability assessment, penetration testing, application security, incident management, Governance Risk and Compliance (GRC), awareness training, and so on. Sachin is currently working in Aramco Asia as a Security Specialist (a subsidiary of Saudi Aramco). In the past, Sachin has worked with Fortune 500 companies. Sachin has worked extensively with the Government of India and with Intelligence Agencies in India. Sachin has done Masters in Computer Security from the UK and possesses more than 10 cybersecurity certifications. Sachin has received multiple awards from the information security community in India.

Vignesh Balasubramanian has over 4 years of experience in performing vulnerability assessments, penetration testing, and digital forensic investigations. Prior to becoming a cybersecurity professional, he worked as a Systems Integration Tester at Reliance Jio Infocomm Limited in Mumbai. Vignesh holds a Bachelors degree in Electronics and Telecommunication Engineering from Savitribai Phule Pune University. He is now working independently on cybersecurity training and consulting projects.

I am grateful to BPB Publications for giving me the opportunity to pen down my first book and letting me evolve as a writer. This book wouldnt have happened if I hadnt had the support of my family and friends. I would like to thank them for putting up with me while I was spending many weekends and evenings on writing. My gratitude goes to the team at Sopra Steria for providing valuable insights into some of the basic concepts.

As with any new class of technology, web applications have brought a new range of security vulnerabilities. There is a set of most commonly encountered vulnerabilities and people are aware of them over time, however, there are new attacks as well that were not considered when web applications were being developed. New technologies have been developed that have introduced new possibilities for exploitation. Some categories of security flaws are completely mitigated as a result of the mitigations made to the web browser software and other development technologies.

The most critical attacks against web applications are those that disclose sensitive data or gain unauthorized access to the web servers or other components on which the application is running. Zero-day vulnerabilities of high-intensity compromises occur frequently such as system downtime or website defacement, denial-of-service attacks can be used to compromise and create resource exhaustion against infrastructure.

So, web application security is the most significant area today for an organization to take care of.

The primary goal of this book is to provide information and skills that are necessary to understand from the security point of view of any web application. This book contains real-life examples that will show you how to discover, exploit, and mitigate various vulnerabilities as well as how to launch various automated tools to customize attacks. Over the 15 chapters in this book, you will learn the following:

, explains the importance of checking security flaws in web applications and its necessity as threats become more potent and prevalent.

, explains and discusses the various modern web application vulnerabilities.

, explains the methodology or approach to start with the penetration testing of web applications.

, explains the authentication mechanism and discusses various security flaws present in user authentication mechanisms.

, explains the session mechanism and discusses various security flaws present in user session management.

, explains secure communication channels and various vulnerabilities present in these communication channels.