Defending by Attacking: Web Applications for Developers

you own this product
prerequisites
intermediate web development • basic PHP • basic browser tools • basic command line prompts • basics of shell programming • basics of SQL
skills learned
information gathering • resource enumeration • manual attacks • vulnerability discovery • attack persistence • secure programming
Spiros Antonatos
4 weeks · 5-7 hours per week · BEGINNER
Included with a Manning Online subscription
catalog / Software Development
try now

pro $24.99 per month

  • access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
  • choose one free eBook per month to keep
  • exclusive 50% discount on all purchases
  • renews monthly, pause or cancel renewal anytime

lite $19.99 per month

  • access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more

Look inside
E-commerce sites handle valuable personal information such as names, addresses, and credit card details. This makes them ripe for malicious attacks. Successful web developers use penetration tests—simulated attacks on your own applications—in order to spot vulnerabilities and shore up security.

In this liveProject, you’ll take on the dual role of both attacker and defender of a vulnerable e-commerce site. You’ll start out wearing the black hat of a hacker as you perform reconnaissance, exploit vulnerabilities with specialist tools, and attempt to extract data. Once you’ve cracked open the holes in your system, you’ll step into the defensive role to fix vulnerabilities in your code that have led to injection attacks. This liveProject comes with full access to a virtual training web application, so you can experiment without endangering your own software.
This project is designed for learning purposes and is not a complete, production-ready application or solution.

project author

Spiros Antonatos
Spiros Antonatos is a lead engineer at Aegis Technologies Pte Ltd, where he works on high-performance threat intelligence products. Previously, he was a research manager at Tenable and a research scientist and manager at IBM Research. He has authored and co-authored 32 conference papers, 4 journal papers, and 12 patents for web security, privacy, and network monitoring. He earned his PhD at the Computer Science Department, University of Crete, Greece.

prerequisites

This liveProject is for web developers who want to defend their applications against common cyber attacks. No cyber security skills are required to get started. To begin this liveProject, you will need to be familiar with:

TOOLS
  • Basics of PHP programming
  • Basics of browser developer tools
  • Basics of command line prompts
  • Basics of SSH’ing into hosts
  • Basics of wget, nikto, and sqlmap
TECHNIQUES
  • Fundamentals of HTML and HTTP requests/responses
  • Basics of shell programming
  • Basic understanding of SQL

features

Self-paced
You choose the schedule and decide how much time to invest as you build your project.
Project roadmap
Each project is divided into several achievable steps.
Get Help
While within the liveProject platform, get help from fellow participants and even more help with paid sessions with our expert mentors.
Compare with others
For each step, compare your deliverable to the solutions by the author and other participants.
book resources
Get full access to select books for 90 days. Permanent access to excerpts from Manning products are also included, as well as references to other resources.

related titles

choose your plan

pro

monthly
annual
$24.99
$249.99
only $20.83 per month
  • access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
  • choose another free product every time you renew
  • choose twelve free products per year
  • exclusive 50% discount on all purchases
  • renews monthly, pause or cancel renewal anytime
  • renews annually, pause or cancel renewal anytime
  • Defending by Attacking: Web Applications for Developers project for free

team

monthly
annual
$49.99
$399.99
only $33.33 per month
  • five seats for your team
  • access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
  • choose another free product every time you renew
  • choose twelve free products per year
  • exclusive 50% discount on all purchases
  • renews monthly, pause or cancel renewal anytime
  • renews annually, pause or cancel renewal anytime
  • Defending by Attacking: Web Applications for Developers project for free