Answer the question
In order to leave comments, you need to log in
Would you recommend any literature on auditing the information security of web applications?
Hello!
As a diploma, I have to develop a web application that checks other web applications for vulnerabilities. I really hoped for the OWASP guide, but after reading it, I was disappointed, because. there are no effective methods of verification or they are painted dryly.
The plans are to deal with node.js, rent a server, and make my site perform 3-4 checks.
I would be grateful for links to resources / books that will help me implement the required functionality.
Answer the question
In order to leave comments, you need to log in
Make a crawler that will look for scripts that accept GET parameters (file.php?id=1&p=2) and forms. Then check of all found results on SQLi. There is a lot of information on SQLi, sqlmap sorts are also available.
Agree with the answer above. I can advise the resource https://pentesterlab.com
There are many images for training (relatively many). I can also advise you to see how it is implemented in skipfish.
https://github.com/spinkham/skipfish
Scan WP sites with wpscan.
In general, if you get really confused, you can also make the application scan ports using nmap and check, for example, the FTP version on the server and check it against the metasploit vulnerability database.
I can also recommend the book. www.amazon.com/gp/product/1593273886
True, there is no translation in Russian.
To be honest, I would suggest looking at the book - www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470/. There, the ideological component is well described, and there are also clear instructions on where and what to check on which topic. Well, use the answers above. A script that launches the necessary tools, collects data and puts it where it needs to be is also a good experience.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question