- 1:Hoofdstuk één - Inleiding
- 1.1:Over de auteur
- 1.2:De passie
- 1.3:Omgeving
- 1.4:Stel een doel
- 1.5:Fuzzing
- 1.6:Volharding en geluk
- 1.7:Sociale media
- 1.8:De basis
- 1.9:Samenvatting
- 2:Hoofdstuk twee - JavaScript zonder haakjes
- 2.1:Functies aanroepen zonder haakjes
- 2.2:Functies aanroepen met argumenten zonder haakjes
- 2.3:Throw-instructies
- 2.4:Tagged templates
- 2.5:Has instance-symbool
- 2.6:Samenvatting
- 3:Hoofdstuk drie - Fuzzing
- 3.1:De waarheid
- 3.2:Fuzzing van JavaScript-URL’s
- 3.3:Fuzzing van HTTP-URL’s
- 3.4:Fuzzing van HTML
- 3.5:Fuzzing van bekende gedragingen
- 3.6:Fuzzing ontsnappingen
- 3.7:Samenvatting
- 4:Hoofdstuk vier - DOM voor hackers
- 4.1:Waar is mijn venster?
- 4.2:Bereik van een HTML-gebeurtenis
- 4.3:DOM clobbering
- 4.4:Samenvatting
- 5:Hoofdstuk vijf - Browser exploits
- 5.1:Inleiding
- 5.2:Firefox onjuiste behandeling van kruis-origine URLs
- 5.3:Safari toewijzingen aan cross-origin hostnamen
- 5.4:Internet Explorer volledige SOP omzeiling
- 5.5:Chrome gedeeltelijke SOP infolek
- 5.6:Volledige SOP-bypass van Safari
- 5.7:Opera SOP-omzeiling
- 5.8:Samenvatting
- 6:Hoofdstuk zes - Prototypevervuiling
- 6.1:Inleiding
- 6.2:Client-side prototypevervuiling
- 6.3:Server-side prototype-vervuiling
- 6.4:Samenvatting
- 7:Hoofdstuk zeven - Niet-alfanumerieke JavaScript
- 7.1:Het schrijven van niet-alfanumerieke JavaScript
- 7.2:Non-alpha zonder haakjes
- 7.3:De zes karaktermuur
- 7.4:Oneindigheid en verder
- 7.5:Samenvatting
- 8:Hoofdstuk acht - XSS
- 8.1:Sluiten van scripts
- 8.2:Commentaar binnen scripts
- 8.3:HTML-entiteiten binnen SVG-scripts
- 8.4:Script zonder afsluitend script
- 8.5:Window name payloads
- 8.6:Toewijsbare protocol
- 8.7:Source maps om pingbacks te creëren
- 8.8:Nieuwe omleidingsmethode
- 8.9:JavaScript-commentaar
- 8.10:Nieuwe regels
- 8.11:Witruimte
- 8.12:Dynamische imports
- 8.13:XHTML-naamruimte in XML
- 8.14:SVG-uploads
- 8.15:SVG use-elementen
- 8.16:HTML-entiteiten
- 8.17:Gebeurtenissen
- 8.18:XSS in verborgen invoervelden
- 8.19:Popovers
- 8.20:Samenvatting
- 9:Credits
- 1:Hoofdstuk één - Inleiding
JavaScript voor hackers (Nederlandse Editie)
Leer te denken als een hacker
Leer hoe je interessant gedrag en fouten in JavaScript kunt vinden. Door dit boek te lezen, ontdek je de nieuwste en beste technieken voor het hacken van JavaScript en het genereren van XSS-payloads. Inclusief manieren om JavaScript te construeren met alleen +[]()! karakters. Nog nooit gehoord van DOM Clobbering? Dit boek bevat alle details.
This book is a translation into Dutch of JavaScript for hackers which was originally written in English
Minimum price
$20.00
$35.00
You pay
$35.00Authors earn
$28.00PDF
EPUB
WEB
About
About the Book
Heb je je ooit afgevraagd hoe een hacker benaderingen vindt om fouten in de browser en JavaScript te ontdekken? Dit boek deelt de gedachteprocessen en geeft je de tools om je eigen fouten te vinden. Het deelt de basisprincipes van JavaScript-hacken, en legt vervolgens uit hoe je JavaScript-payloads kunt construeren zonder haakjes te gebruiken.
- Laat zien hoe je fouten kunt vinden met fuzzing en hoe je miljoenen karakters in seconden kunt fuzzing.
- Wil je de DOM hacken? Dit boek helpt je daarbij.
- Lees in detail over verschillende browser-SOP-bypasses die de auteur heeft gevonden.
- Geen idee over client-side prototypevervuiling? Dit is het boek voor jou!
- Wil je de nieuwste en beste XSS-technieken leren? Dan moet je dit boek kopen.
Feedback
This book is a translation into Dutch of JavaScript for hackers which was originally written in English
Author
About the Authors
Gareth Heyes
PortSwigger researcher Gareth Heyes is probably best known for his work escaping JavaScript sandboxes, and creating super-elegant XSS vectors. When he's not co-authoring books (like the recent title, Web Application Obfuscation), Gareth is a father to two wonderful girls and husband to an amazing wife, as well as an ardent fan of Liverpool FC.
In his daily life at PortSwigger, Gareth can often be found creating new XSS vectors, researching new techniques to attack web applications, and preparing to speak at conferences around the globe. A recent highlight was his presentation "XSS Magic Tricks" at OWASP Allstars Amsterdam, 2019. He's also the author of PortSwigger's XSS Cheat Sheet. In his spare time he loves writing new BApp extensions (he's the creator of both Hackvertor and Taborator).
Episode 255
An Interview with Gareth Heyes
TranslateAI
Leanpub now has a TranslateAI service which uses AI to translate their book from English into up to 31 languages, or from one of those 31 languages into English. We also have a GlobalAuthor bundle which uses TranslateAI to translate English-language books into either 8 or 31 languages.
Leanpub exists to serve our authors. We want to help you reach as many readers as possible, in their preferred language. So, just as Leanpub automates the process of publishing a PDF and EPUB ebook, we've now automated the process of translating those books!
Contents
Table of Contents
The Leanpub 60 Day 100% Happiness Guarantee
Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.
Now, this is technically risky for us, since you'll have the book or course files either way. But we're so confident in our products and services, and in our authors and readers, that we're happy to offer a full money back guarantee for everything we sell.
You can only find out how good something is by trying it, and because of our 100% money back guarantee there's literally no risk to do so!
So, there's no reason not to click the Add to Cart button, is there?
See full terms...
Earn $8 on a $10 Purchase, and $16 on a $20 Purchase
We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.
(Yes, some authors have already earned much more than that on Leanpub.)
In fact, authors have earned over $14 million writing, publishing and selling on Leanpub.
Learn more about writing on Leanpub
Free Updates. DRM Free.
If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).
Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.
Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.
Learn more about Leanpub's ebook formats and where to read them
Write and Publish on Leanpub
You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses!
Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks.
Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. (Or, if you are producing your ebook your own way, you can even upload your own PDF and/or EPUB files and then publish with one click!) It really is that easy.