Part 2: Evergreen Attacks

In the second part of this book, we will meticulously dissect “evergreen attacks,” walking through them step by step. We will focus on perennial vulnerabilities that, despite being well known, perpetually resurface in novel forms.

Practically, we will see a Capture the Flag (CTF) exercise that we prepared to understand SAML better. Then, we will see how we discovered two CVEs (SQL injection and Cross-Site Scripting) by reviewing the code of a WordPress plugin, and four CVEs (Command Injection and Path Traversal) on an IoT device by reversing some components.

This part has the following chapters:

Chapter 3, Attacking the Authentication Layer – a SAML Use Case
Chapter 4, Attacking Internet-Facing Web Applications – ...

Get Attacking and Exploiting Modern Web Applications now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Attacking and Exploiting Modern Web Applications by Simone Onofri, Donato Onofri

Part 2: Evergreen Attacks

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly