A Hands-On Field Guide to the Latest Techniques Used by Security Researchers and Bug Bounty Hunters
Maor Tal

#Web_Application
#Bug_bounty
#Security
Whether you're a veteran or a newcomer to the security field, the key technologies used in today’s web applications are rapidly changing. With more and more data stored in the cloud and applications based on cutting-edge, open-source technologies, penetration testing and security engagement processes have naturally become more complicated.
This book is intended as a hands-on, highly practical guide to enhancing your knowledge of modern application stacks. It will help fill knowledge gaps when it comes to hacking modern web applications by using advanced techniques such as manually identifying and exploiting vulnerabilities for:
All covered in this book using real-life examples!
The skills you gain from this book will help you to expand the scope of your customers' engagements and increase your value as a security professional (or “white-hacker,” as some prefer to be called), as this book will help you dive deep into the underlying concepts beneath pentesting tools.
Table of Contents
Chapter 1: Deserialization Attacks
Chapter 2: Type Juggling Attacks
Chapter 3: NoSQL Databases
Chapter 4: API Hacking GraphQL
Chapter 5: Misconfigured Cloud Storage
Chapter 6: Server-Side Request Forgery
Chapter 7: Application Logic
Chapter 8: Attacking JSON Web Tokens (JWT)
Chapter 9: Attacking SAML Flows
Chapter 10: Attacking OAuth 2.0 Flows
About the Author
Maor Tal is a security researcher with more than seven years' experience in various security and software fields. He works as a penetration tester for major global financial institutions and leading high-tech companies to help them enhance their cyber security. His core areas of expertise include web and mobile penetration testing, vulnerability analysis, and red-team engagements. With relevant certificates in the field of penetration testing such as OSCP and eCPPT, he loves to participate in Capture the Flag competitions, bug bounties, and security events, and to share his passion for penetration testing to help security professionals boost their skills and get them to think outside the box.









