Chapter 3. Vulnerability Identification
In this chapter, we will cover the following topics:
- Automated URL-based Directory Traversal
- Automated Cross-site scripting (parameter and URL)
- Automated parameter-based Cross-site scripting
- Automated fuzzing
- jQuery checking
- Header-based Cross-site scripting
- Shellshock checking
Introduction
This chapter focuses on identifying traditional web app vulnerabilities from the Open Web Application Security Project (OWASP) Top 10. These include Cross-site scripting (XSS), Directory Traversal, and other vulnerabilities that are simple enough to check for that they do not warrant their own chapter. This chapter provides a parameter-based and a URL-based version of each script to allow for either eventuality and cut down on ...
Get Python: Penetration Testing for Developers now with the O’Reilly learning platform.