Defending by Attacking: Web Applications for System Administrators you own this product

prerequisites: intermediate web development • basic PHP • basic browser tools • basic command line prompts • basics of shell programming • basics of SQL
skills learned: information gathering • resource enumeration • manual attacks • vulnerability discovery • attack persistence • secure programming

Spiros Antonatos

4 weeks · 5-7 hours per week · BEGINNER

filed under

Development

try now

placing your order...

Don't refresh or navigate away from the page.

liveProject

$29.99

liveProject liveProjects give you the opportunity to learn new skills by completing real-world challenges in your local development environment. Solve practical problems, write working code, and analyze real data—with liveProject, you learn by doing. These self-paced projects also come with full liveBook access to select books for 90 days plus permanent access to other select Manning products. $29.99 $49.99 you save $20 (40%)

get all Manning content with a subscription

Defending by Attacking: Web Applications for System Administrators (liveProject) added to cart

continue shopping adding to cart

continue shopping

adding to cart

choose your plan

pro

monthly

annual

$24.99

$249.99
only $20.83 per month

share your subscription with one other person
access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose another free eBook every time you renew
choose twelve free eBooks per year
exclusive 50% discount on all purchases
Defending by Attacking: Web Applications for System Administrators eBook for free

team

monthly

annual

$49.99

$499.99
only $41.67 per month

five seats for your team
access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose another free eBook every time you renew
choose twelve free eBooks per year
exclusive 50% discount on all purchases
Defending by Attacking: Web Applications for System Administrators eBook for free

Look inside

As a systems administrator, you need to be sure the sites, apps, and networks you oversee are safe from attacks. Hackers and other attackers are constantly on the prowl for weaknesses, and one of the best ways to counter them is with penetration testing. These simulated assaults on your own applications reveal hidden weaknesses and let you patch and harden your own defenses before they can be exploited.

In this liveProject, you’ll take on the dual role of both attacker and defender of a vulnerable e-commerce site. You’ll start out by attacking your own systems, using browser development tools to map the attack surface of a website, gaining access with a SQL injection attack, and extracting valuable data. With the flaws in your system revealed, you’ll step into the defensive role to harden your system’s security, set up file monitoring, and work to prevent future attacks. This liveProject comes with full access to a virtual training web application, so you can experiment without endangering your own software.

This project is designed for learning purposes and is not a complete, production-ready application or solution.

book resources

When you start your liveProject, you get full access to the following books for 90 days.

project author

Spiros Antonatos

Spiros Antonatos is a lead engineer at Aegis Technologies Pte Ltd, where he works on high-performance threat intelligence products. Previously, he was a research manager at Tenable and a research scientist and manager at IBM Research. He has authored and co-authored 32 conference papers, 4 journal papers, and 12 patents for web security, privacy, and network monitoring. He earned his PhD at the Computer Science Department, University of Crete, Greece.

prerequisites

This liveProject is for system administrators who want to defend their applications against common cyber attacks. No cyber security skills are required to get started. To begin this liveProject, you will need to be familiar with:

TOOLS

Basics of PHP programming
Basics of browser developer tools
Basics of command line prompts
Basics of SSH’ing into hosts
Basics of wget, nikto, and sqlmap

TECHNIQUES

Fundamentals of HTML and HTTP requests/responses
Basics of shell programming
Basic understanding of SQL
Basics of Apache configuration
Basics of Postgres user and role management

you will learn

Each section in this liveProject will test and develop your knowledge in a different area of web security. You’ll master the most popular tools for web penetration testing, and write up effective security reports.

Information gathering with browser developer tools
Resource enumeration with wget and nikto
Mapping attack surfaces
Handcrafting a SQL injection attack
Vulnerability discovery
Attack persistence techniques
Fixing application and database permissions
Deploying file monitoring solutions

features

Self-paced: You choose the schedule and decide how much time to invest as you build your project.
Project roadmap: Each project is divided into several achievable steps.
Get Help: While within the liveProject platform, get help from other participants and our expert mentors.
Compare with others: For each step, compare your deliverable to the solutions by the author and other participants.
book resources: Get full access to select books for 90 days. Permanent access to excerpts from Manning products are also included, as well as references to other resources.