Chapter 3. Vulnerability Identification

In this chapter, we will cover the following topics:

Automated URL-based Directory Traversal
Automated Cross-site scripting (parameter and URL)
Automated parameter-based Cross-site scripting
Automated fuzzing
jQuery checking
Header-based Cross-site scripting
Shellshock checking

Introduction

This chapter focuses on identifying traditional web app vulnerabilities from the Top 10 Open Web Application Security Project (OWASP). This would include Cross-site scripting (XSS), Directory Traversal, and those other vulnerabilities that are simple enough to check for not to warrant their own chapter. This chapter provides a parameter-based and URL-based version of each script to allow for either eventuality and cut down on ...

Get Python: Penetration Testing for Developers now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Python: Penetration Testing for Developers by Christopher Duffy, Mohit, Cameron Buchanan, Terry Ip, Andrew Mabbitt, Benjamin May, Dave Mound

Chapter 3. Vulnerability Identification

Introduction

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly