1st Edition

Web Application PenTesting A Comprehensive Guide for Professionals

By Yassine Maleh Copyright 2024
    180 Pages
    by River Publishers

    This is an essential resource for navigating the complex, high-stakes world of cybersecurity. It bridges the gap between foundational cybersecurity knowledge and its practical application in web application security. Designed for professionals who may lack formal training in cybersecurity or those seeking to update their skills, this book offers a crucial toolkit for defending against the rising tide of cyber threats.

    As web applications become central to our digital lives, understanding and countering web-based threats is imperative for IT professionals across various sectors. This book provides a structured learning path from basic security principles to advanced penetration testing techniques, tailored for both new and experienced cybersecurity practitioners.

    • Explore the architecture of web applications and the common vulnerabilities as identified by industry leaders like OWASP.
    • Gain practical skills in information gathering, vulnerability assessment, and the exploitation of security gaps.
    • Master advanced tools such as Burp Suite and learn the intricacies of various attack strategies through real-world case studies.
    • Dive into the integration of security practices into development processes with a detailed look at DevSecOps and secure coding practices.

    ""Web Application PenTesting"" is more than a technical manual—it is a guide designed to equip its readers with the analytical skills and knowledge to make informed security decisions, ensuring robust protection for digital assets in the face of evolving cyber threats. Whether you are an engineer, project manager, or technical leader, this book will empower you to fortify your web applications and contribute effectively to your organization’s cybersecurity efforts.

    1. Preface

    2. Penetration Testing Methodologies

    3. Understanding Web Application Security

    4. Information Gathering and OSINT for Pentesting

    5. Web Vulnerability assessment

    6. Web Applications Pentesting Basics

    7. Web Penetration Testing with Burp Suite

    8. Mastering DevSecOps for Web Application Penetration Testing

    9. Insights into Penetration Testing Reports


    Prof. Yassine Maleh is an Associate professor of cybersecurity and IT governance at Sultan Moulay Slimane University, Morocco, since 2019. He is the founding chair of IEEE Consultant Network Morocco and founding president of the African Research Center of Information Technology & Cybersecurity. He is a former CISO at the National Port Agency between 2012-2019. He is a senior member of IEEE and a member of the International Association of Engineers IAENG and The Machine Intelligence Research Labs. Dr Maleh has made contributions in the fields of information security and privacy, Internet of things security, wireless and constrained networks security. His research interests include information security and privacy, Internet of things, networks security, information system, and IT governance. He has published over than 200 papers (book chapters, international journals, and conferences/workshops), 40 edited books, and 5 authored books. He is the editor-in-chief of the International Journal of Information Security and Privacy (IJISP, IF: 0.8), and the International Journal of Smart Security Technologies (IJSST). He serves as an associate editor for IEEE Access, since 2019 (Impact Factor 4.098), the International Journal of Digital Crime and Forensics (IJDCF), and the International Journal of Information Security and Privacy (IJISP). He is a series editor of Advances in Cybersecurity Management, by CRC Taylor & Francis. He was also a guest editor for many special issues with prestigious journals (IEEE transactions on industrial informatics, IEEE Engineering Management Review, Sensors, Big Data Journal). He has served and continues to serve on executive and technical program committees and as a reviewer of numerous international conferences and journals such as Elsevier Ad Hoc Networks, IEEE Network Magazine, IEEE Sensor Journal, ICT Express, and Springer Cluster Computing. He was the General chair and publication chair of many international conferences (BCCA 2019, MLBDACP 19, ICI2C’21, ICACNGC 2022, CCSET'22, IEEE ISC2 2022, ISGTA'24, etc...). He received Publons Top 1% reviewer award for the years 2018 and 2019. He holds numerous certifications demonstrating his knowledge and expertise in the field of cybersecurity from major organisations such as ISC2, Fortinet, CEH, Cisco, IBM, Microsoft, CompTIA and others.