Search the Community

Dive into security testing and web app scanning with ZAP, a powerful OWASP security tool Purchase of the print or Kindle book includes a free PDF eBook Key Features Master ZAP to protect your systems from different cyber attacks Learn cybersecurity best practices using this step-by-step guide packed with practical examples Implement advanced testing techniques, such as XXE attacks and Java deserialization, on web applications Book Description Maintaining your cybersecurity posture in the ever-changing, fast-paced security landscape requires constant attention and advancements. This book will help you safeguard your organization using the free and open source OWASP Zed Attack Proxy (ZAP) tool, which allows you to test for vulnerabilities and exploits with the same functionality as a licensed tool. Zed Attack Proxy Cookbook contains a vast array of practical recipes to help you set up, configure, and use ZAP to protect your vital systems from various adversaries. If you're interested in cybersecurity or working as a cybersecurity professional, this book will help you master ZAP. You'll start with an overview of ZAP and understand how to set up a basic lab environment for hands-on activities over the course of the book. As you progress, you'll go through a myriad of step-by-step recipes detailing various types of exploits and vulnerabilities in web applications, along with advanced techniques such as Java deserialization. By the end of this ZAP book, you'll be able to install and deploy ZAP, conduct basic to advanced web application penetration attacks, use the tool for API testing, deploy an integrated BOAST server, and build ZAP into a continuous integration and continuous delivery (CI/CD) pipeline. What you will learn Install ZAP on different operating systems or environments Explore how to crawl, passively scan, and actively scan web apps Discover authentication and authorization exploits Conduct client-side testing by examining business logic flaws Use the BOAST server to conduct out-of-band attacks Understand the integration of ZAP into the final stages of a CI/CD pipeline Who this book is for This book is for cybersecurity professionals, ethical hackers, application security engineers, DevSecOps engineers, students interested in web security, cybersecurity enthusiasts, and anyone from the open source cybersecurity community looking to gain expertise in ZAP. Familiarity with basic cybersecurity concepts will be helpful to get the most out of this book. Table of Contents Getting Started with OWASP Zed Attack Proxy Navigating the UI Configuring, Crawling, Scanning, and Reporting Authentication and Authorization Testing Testing of Session Management Validating (Data) Inputs - Part 1 Validating (Data) Inputs - Part 2 Business Logic Testing Client-Side Testing Advanced Attack Techniques Advanced Adventures with ZAP [Hidden Content] [hide][Hidden Content]]

Gain critical real-world skills to secure your Microsoft Azure infrastructure against cyber attacks Purchase of the print or Kindle book includes a free PDF eBook Key Features Dive into practical recipes for implementing security solutions for Microsoft Azure resources Learn how to implement Microsoft Defender for Cloud and Microsoft Sentinel Work with real-world examples of Azure Platform security capabilities to develop skills quickly Book Description With evolving threats, securing your cloud workloads and resources is of utmost importance. Azure Security Cookbook is your comprehensive guide to understanding specific problems related to Azure security and finding the solutions to these problems. This book starts by introducing you to recipes on securing and protecting Azure Active Directory (AD) identities. After learning how to secure and protect Azure networks, you'll explore ways of securing Azure remote access and securing Azure virtual machines, Azure databases, and Azure storage. As you advance, you'll also discover how to secure and protect Azure environments using the Azure Advisor recommendations engine and utilize the Microsoft Defender for Cloud and Microsoft Sentinel tools. Finally, you'll be able to implement traffic analytics; visualize traffic; and identify cyber threats as well as suspicious and malicious activity. By the end of this Azure security book, you will have an arsenal of solutions that will help you secure your Azure workload and resources. What you will learn Find out how to implement Azure security features and tools Understand how to provide actionable insights into security incidents Gain confidence in securing Azure resources and operations Shorten your time to value for applying learned skills in real-world cases Follow best practices and choices based on informed decisions Better prepare for Microsoft certification with a security element Who this book is for This book is for Azure security professionals, Azure cloud professionals, Azure architects, and security professionals looking to implement secure cloud services using Microsoft Defender for Cloud and other Azure security features. A solid understanding of fundamental security concepts and prior exposure to the Azure cloud will help you understand the key concepts covered in the book more effectively. This book is also beneficial for those aiming to take Microsoft certification exams with a security element or focus. Table of Contents Securing Azure AD Identities Securing Azure Networks Securing Remote Access Securing Virtual Machines Securing Azure SQL Databases Securing Azure Storage Using Advisor Using Microsoft Defender for Cloud Using Microsoft Sentinel Using Traffic Analytics [Hidden Content] [hide][Hidden Content]]

Descripción Descripción del producto Over 90 hands-on recipes explaining how to leverage custom scripts and integrated tools in Kali Linux to effectively master network scanning About This Book Learn the fundamentals behind commonly used scanning techniques Deploy powerful scanning tools that are integrated into the Kali Linux testing platform A step-by-step guide, full of recipes that will help you use integrated scanning tools in Kali Linux, and develop custom scripts for making new and unique tools of your own Who This Book Is For "Kali Linux Network Scanning Cookbook" is intended for information security professionals and casual security enthusiasts alike. It will provide the foundational principles for the novice reader but will also introduce scripting techniques and in-depth analysis for the more advanced audience. Whether you are brand new to Kali Linux or a seasoned veteran, this book will aid in both understanding and ultimately mastering many of the most powerful and useful scanning techniques in the industry. It is assumed that the reader has some basic security testing experience. What You Will Learn Develop a network-testing environment that can be used to test scanning tools and techniques Understand the underlying principles of network scanning technologies by building custom scripts and tools Perform comprehensive scans to identify listening on TCP and UDP sockets Examine remote services to identify type of service, vendor, and version Evaluate denial of service threats and develop an understanding of how common denial of service attacks are performed Identify distinct vulnerabilities in both web applications and remote services and understand the techniques that are used to exploit them In Detail Kali Linux Network Scanning Cookbook will introduce you to critical scanning concepts. You will be shown techniques associated with a wide range of network scanning tasks that include discovery scanning, port scanning, service enumeration, operating system identification, vulnerability mapping, and validation of identified findings. You will learn how to utilize the arsenal of tools available in Kali Linux to conquer any network environment. You will also be shown how to identify remote services, how to assess security risks, and how various attacks are performed. This immersive guide will also encourage the creation of personally scripted tools and the development of skills required to create them. Biografía del autor Justin Hutchens currently works as a security consultant and regularly performs penetration tests and security assessments for a wide range of clients. He previously served in the United States Air Force, where he worked as an intrusion detection specialist, network vulnerability analyst, and malware forensic investigator for a large enterprise network with over 55,000 networked systems. He holds a Bachelor's degree in Information Technology and multiple professional information security certifications, to include Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), eLearnSecurity Web Application Penetration Tester (eWPT), GIAC Certified Incident Handler (GCIH), Certified Network Defense Architect (CNDA), Certified Ethical Hacker (CEH), EC-Council Certified Security Analyst (ECSA), and Computer Hacking Forensic Investigator (CHFI). He is also the writer and producer of Packt Publishing's e-learning video course, Kali Linux - Backtrack Evolved: Assuring Security by Penetration Testing. [Hidden Content]

Kali Linux – An Ethical Hacker’s Cookbook, 2nd Edition ($44.99 Value) FREE for a Limited Time Discover end-to-end penetration testing solutions to enhance your ethical hacking skills Many organizations have been affected by recent cyber events. At the current rate of hacking, it has become more important than ever to pentest your environment in order to ensure advanced-level security. This book is packed with practical recipes that will get you off to a strong start by introducing you to the installation and configuration of Kali Linux, which will help you to perform your tests. You will also learn how to plan attack strategies and perform web application exploitation using tools such as Burp and JexBoss. Delve into the technique of carrying out wireless and password attacks as well as the wide range of tools that help in forensic investigations and incident response mechanisms. Practical recipes to conduct effective penetration testing using the latest version of Kali Linux Leverage tools like Metasploit, Wireshark, Nmap, and more to detect vulnerabilities with ease Confidently perform networking and application attacks using task-oriented recipes [HIDE][Hidden Content]]