placing your order...
Don't refresh or navigate away from the page.
Defending by Attacking: Web Applications for System Administrators (liveProject) added to cart
continue shopping
go to cart
- customers also bought these items
- CI/CD Application Testing with Jenkins X
- Secure Financial Transactions with Ansible, Terraform, and OpenSCAP
- Defending by Attacking: Web Applications for Developers
- Building Micro Frontends with a Team-Based Vertical Architecture
- Secure Business Infrastructure with Your Own VPN
Look inside
As a systems administrator, you need to be sure the sites, apps, and networks you oversee are safe from attacks. Hackers and other attackers are constantly on the prowl for weaknesses, and one of the best ways to counter them is with penetration testing. These simulated assaults on your own applications reveal hidden weaknesses and let you patch and harden your own defenses before they can be exploited.
In this liveProject, you’ll take on the dual role of both attacker and defender of a vulnerable e-commerce site. You’ll start out by attacking your own systems, using browser development tools to map the attack surface of a website, gaining access with a SQL injection attack, and extracting valuable data. With the flaws in your system revealed, you’ll step into the defensive role to harden your system’s security, set up file monitoring, and work to prevent future attacks. This liveProject comes with full access to a virtual training web application, so you can experiment without endangering your own software.
In this liveProject, you’ll take on the dual role of both attacker and defender of a vulnerable e-commerce site. You’ll start out by attacking your own systems, using browser development tools to map the attack surface of a website, gaining access with a SQL injection attack, and extracting valuable data. With the flaws in your system revealed, you’ll step into the defensive role to harden your system’s security, set up file monitoring, and work to prevent future attacks. This liveProject comes with full access to a virtual training web application, so you can experiment without endangering your own software.
This project is designed for learning purposes and is not a complete, production-ready application or solution.
book resources
When you start your liveProject, you get full access to the following books for 90 days.
prerequisites
This liveProject is for system administrators who want to defend their applications against common cyber attacks. No cyber security skills are required to get started. To begin this liveProject, you will need to be familiar with:TOOLS
- Basics of PHP programming
- Basics of browser developer tools
- Basics of command line prompts
- Basics of SSH’ing into hosts
- Basics of wget, nikto, and sqlmap
- Fundamentals of HTML and HTTP requests/responses
- Basics of shell programming
- Basic understanding of SQL
- Basics of Apache configuration
- Basics of Postgres user and role management
you will learn
Each section in this liveProject will test and develop your knowledge in a different area of web security. You’ll master the most popular tools for web penetration testing, and write up effective security reports.- Information gathering with browser developer tools
- Resource enumeration with wget and nikto
- Mapping attack surfaces
- Handcrafting a SQL injection attack
- Vulnerability discovery
- Attack persistence techniques
- Fixing application and database permissions
- Deploying file monitoring solutions
features
- Self-paced
- You choose the schedule and decide how much time to invest as you build your project.
- Project roadmap
- Each project is divided into several achievable steps.
- Get Help
- While within the liveProject platform, get help from other participants and our expert mentors.
- Compare with others
- For each step, compare your deliverable to the solutions by the author and other participants.
- book resources
- Get full access to select books for 90 days. Permanent access to excerpts from Manning products are also included, as well as references to other resources.