Web應(yīng)用架構(gòu)詳解與滲透測(cè)試
定 價(jià):49 元
- 作者:王斌
- 出版時(shí)間:2025/8/1
- ISBN:9787121512131
- 出 版 社:電子工業(yè)出版社
- 中圖法分類:TP393.08
- 頁碼:228
- 紙張:
- 版次:01
- 開本:16開
本書采用項(xiàng)目引導(dǎo)結(jié)合任務(wù)驅(qū)動(dòng)的模式進(jìn)行編寫����,本書深入淺出地介紹了Web應(yīng)用架構(gòu)的相關(guān)知識(shí)�����,以及Web滲透測(cè)試技術(shù)和工具����。全書共4個(gè)項(xiàng)目�,包括Web應(yīng)用架構(gòu)詳解、Web滲透測(cè)試工具��、Web滲透測(cè)試�、Web滲透測(cè)試實(shí)戰(zhàn),重點(diǎn)培養(yǎng)學(xué)生提出問題����、分析問題和解決問題的綜合能力。 本書配有豐富且實(shí)用的教學(xué)資源����,包括教學(xué)PPT、實(shí)驗(yàn)環(huán)境��、CVE漏洞案例和任務(wù)實(shí)訓(xùn)等���,便于學(xué)生更好地掌握相關(guān)教學(xué)內(nèi)容�����。 本書既可以作為高職高專院校和應(yīng)用型本科院校信息安全相關(guān)專業(yè)的教材�����,也可以作為相關(guān)技術(shù)人員的參考書�����。
王斌����,男,碩士���,副高職稱���,計(jì)算機(jī)系統(tǒng)結(jié)構(gòu)講師,網(wǎng)絡(luò)規(guī)劃設(shè)計(jì)師(高級(jí)工程師)�����,華為認(rèn)證講師,華為HCNP工程師�����,銳捷無線網(wǎng)絡(luò)工程師�����,廣東省網(wǎng)絡(luò)安全等級(jí)保護(hù)專家����,清遠(yuǎn)市計(jì)算機(jī)學(xué)會(huì)高級(jí)講師����、清遠(yuǎn)市IT精英人才,清遠(yuǎn)市網(wǎng)絡(luò)安全與維護(hù)技能大師工作室負(fù)責(zé)人����,現(xiàn)任清遠(yuǎn)職業(yè)技術(shù)學(xué)院網(wǎng)絡(luò)信息中心副主任。研究領(lǐng)域?yàn)橛?jì)算機(jī)網(wǎng)絡(luò)技術(shù)�����、網(wǎng)絡(luò)安全技術(shù)��、職業(yè)教育發(fā)展、大數(shù)據(jù)技術(shù)應(yīng)用和云計(jì)算技術(shù)應(yīng)用等����。主要講授《計(jì)算機(jī)網(wǎng)絡(luò)基礎(chǔ)》《網(wǎng)絡(luò)互聯(lián)技術(shù)》《無線局域網(wǎng)技術(shù)》《Linux網(wǎng)絡(luò)服務(wù)器配置與管理》等多門課程。主持參與省市級(jí)課題5項(xiàng)�����,發(fā)表論文10余篇��。榮獲省級(jí)校級(jí)教學(xué)成果獎(jiǎng)各1項(xiàng)����、所任教的課程《Linux網(wǎng)絡(luò)服務(wù)器配置與管理》曾榮獲廣東省職業(yè)院校教師信信息化教學(xué)大賽三等獎(jiǎng)、指導(dǎo)學(xué)生參加職業(yè)院校職業(yè)技能大賽獲國賽三等獎(jiǎng)1項(xiàng)��、省賽一等獎(jiǎng)2項(xiàng)�、省賽二等獎(jiǎng)1項(xiàng)、省賽三等獎(jiǎng)6項(xiàng)等��。
項(xiàng)目 1 Web 應(yīng)用架構(gòu)詳解 ................................................................................................................. 1
任務(wù) 1.1 認(rèn)識(shí) Web 應(yīng)用環(huán)境架構(gòu) ............................................................................................. 1
1.1.1 服務(wù)器 ........................................................................................................................ 2
1.1.2 數(shù)據(jù)庫 ........................................................................................................................ 4
1.1.3 中間件 ........................................................................................................................ 6
1.1.4 腳本語言 .................................................................................................................... 7
任務(wù) 1.2 認(rèn)識(shí) HTTP 協(xié)議 ........................................................................................................... 9
1.2.1 HTTP 基礎(chǔ)知識(shí) ......................................................................................................... 9
1.2.2 HTTP 消息 ............................................................................................................... 12
1.2.3 HTTP 請(qǐng)求方法 ....................................................................................................... 14
1.2.4 HTTP 頭部字段 ....................................................................................................... 19
1.2.5 HTTP 狀態(tài)碼 ........................................................................................................... 23
任務(wù) 1.3 認(rèn)識(shí)常見的服務(wù)端口 ................................................................................................. 29
1.3.1 FTP 21 端口 ............................................................................................................. 30
1.3.2 SSH 22 端口 ............................................................................................................. 32
1.3.3 Telnet 23 端口 .......................................................................................................... 34
1.3.4 HTTP 80 端口 .......................................................................................................... 35
1.3.5 HTTPS 443 端口 ...................................................................................................... 36
1.3.6 SMB 445 端口 .......................................................................................................... 37
1.3.7 RDP 3389 端口......................................................................................................... 39
1.3.8 MySQL 3306 端口 ................................................................................................... 41
1.3.9 MSSQL 1433 端口 ................................................................................................... 43
1.3.10 Oracle 1521 端口 .................................................................................................... 45
1.3.11 Redis 6379 端口 ..................................................................................................... 48
1.3.12 Tomcat 8080 端口 .................................................................................................. 49
項(xiàng)目 2 Web 滲透測(cè)試工具 ............................................................................................................... 51
任務(wù) 2.1 測(cè)試工具的安裝與使用 ............................................................................................. 51
2.1.1 Nmap ........................................................................................................................ 51
2.1.2 Sqlmap ...................................................................................................................... 59
2.1.3 御劍后臺(tái)掃描工具 .................................................................................................. 69
2.1.4 Metasploit ................................................................................................................. 71
2.1.5 Burp Suite ................................................................................................................. 76
2.1.6 AWVS ...................................................................................................................... 87
2.1.7 AppScan .................................................................................................................... 90
2.1.8 Nessus ....................................................................................................................... 93
項(xiàng)目 3 Web 滲透測(cè)試 .................................................................................................................... 103
任務(wù) 3.1 配置 Web 滲透測(cè)試環(huán)境 ......................................................................................... 103
3.1.1 虛擬機(jī)工具的安裝 ................................................................................................ 103
3.1.2 集成環(huán)境 ................................................................................................................ 109
3.1.3 靶場(chǎng)部署 ................................................................................................................ 112
任務(wù) 3.2 學(xué)習(xí) Web 應(yīng)用信息收集 ......................................................................................... 119
3.2.1 子域名收集 ............................................................................................................ 120
3.2.2 WHOIS 信息收集 .................................................................................................. 124
3.2.3 主機(jī)信息收集 ........................................................................................................ 126
3.2.4 敏感信息收集 ........................................................................................................ 133
任務(wù) 3.3 學(xué)習(xí) Web 滲透測(cè)試方法 ......................................................................................... 137
3.3.1 XSS(跨站腳本攻擊) ......................................................................................... 138
3.3.2 SQL 注入漏洞 ........................................................................................................ 144
3.3.3 CSRF(跨站請(qǐng)求偽造) ....................................................................................... 151
3.3.4 SSRF(服務(wù)端請(qǐng)求偽造) ................................................................................... 154
3.3.5 暴力破解 ................................................................................................................ 159
3.3.6 邏輯漏洞 ................................................................................................................ 162
3.3.7 任意文件上傳 ........................................................................................................ 166
3.3.8 XXE(XML 外部實(shí)體注入) .............................................................................. 171
3.3.9 代碼執(zhí)行 ................................................................................................................ 174
3.3.10 命令執(zhí)行 .............................................................................................................. 176
項(xiàng)目 4 Web 滲透測(cè)試實(shí)戰(zhàn) ............................................................................................................. 179
任務(wù) 4.1 安裝與配置實(shí)驗(yàn)靶場(chǎng) ............................................................................................... 179
4.1.1 VulFocus 靶場(chǎng)介紹 ................................................................................................ 179
4.1.2 VulFocus 靶場(chǎng)的安裝 ............................................................................................ 180
4.1.3 VulFocus 靶場(chǎng)的使用 ............................................................................................ 183
任務(wù) 4.2 實(shí)戰(zhàn) CVE 漏洞 ......................................................................................................... 187
4.2.1 CVE-2017-11629(反射型 XSS) ........................................................................ 188
4.2.2 CVE-2019-8924(存儲(chǔ)型 XSS) .......................................................................... 189
4.2.3 CVE-2022-32300(SQL 注入) ........................................................................... 191
4.2.4 CVE-2019-14234(SQL 注入) ........................................................................... 197
4.2.5 CVE-2014-4210(服務(wù)端請(qǐng)求偽造) .................................................................. 201
4.2.6 CVE-2022-23983(跨站請(qǐng)求偽造) .................................................................... 203
4.2.7 CVE-2018-12491(文件上傳) ............................................................................ 205
4.2.8 CVE-2019-8933(文件上傳) .............................................................................. 208
4.2.9 CVE-2018-1002015(代碼執(zhí)行) ........................................................................ 212
4.2.10 CVE-2020-35339(代碼執(zhí)行) .......................................................................... 213
4.2.11 CVE-2021-32305(命令注入) .......................................................................... 215
4.2.12 CVE-2021-43287(任意文件讀����。 .................................................................. 217
4.2.13 CVE-2021-36749(任意文件讀取) .................................................................. 218
