(Reference Guide) Web Penetration Testing with Kali Linux - Third Edition
Book Description
Web Penetration Testing with Kali Linux - Third Edition shows you how to set up a lab, helps you understand the nature and mechanics of attacking websites, and explains classical attacks in great depth. This edition is heavily updated for the latest Kali Linux changes and the most recent attacks. Kali Linux shines when it comes to client-side attacks and fuzzing in particular.
From the start of the book, you'll be given a thorough grounding in the concepts of hacking and penetration testing, and you'll see the tools used in Kali Linux that relate to web application hacking. You'll gain a deep understanding of classical SQL and command-injection flaws, and the many ways to exploit these flaws. Web penetration testing also needs a general overview of client-side attacks, which is rounded out by a long discussion of scripting and input validation flaws.
There is also an important chapter on cryptographic implementation flaws, where we discuss the most recent problems with cryptographic layers in the networking stack.
The importance of these attacks cannot be overstated, and defending against them is relevant to most internet users and, of course, penetration testers.
At the end of the book, you'll use an automated technique called fuzzing to identify flaws in a web application. Finally, you'll gain an understanding of web application vulnerabilities and the ways they can be exploited using the tools in Kali Linux.
What You Will Learn
- Learn how to set up your lab with Kali Linux
- Understand the core concepts of web penetration testing
- Get to know the tools and techniques you need to use with Kali Linux
- Identify the difference between hacking a web application and network hacking
- Expose vulnerabilities present in web servers and their applications using server-side attacks
- Understand the different techniques used to identify the flavor of web applications
- See standard attacks such as exploiting cross-site request forgery and cross-site scripting flaws
- Get an overview of the art of client-side attacks
- Explore automated attacks such as fuzzing web applications
Table of Contents
1: Introduction to Penetration Testing and Web Applications
- Proactive security testing
- Considerations when performing penetration testing
- Kali Linux
- A web application overview for penetration testers
- Summary
2: Setting Up Your Lab with Kali Linux
- Kali Linux
- Important tools in Kali Linux
- Vulnerable applications and servers to practice on
- Summary
3: Reconnaissance and Profiling the Web Server
- Reconnaissance
- Information gathering
- Scanning – probing the target
- Summary
4: Authentication and Session Management Flaws
- Authentication schemes in web applications
- Session management mechanisms
- Common authentication flaws in web applications
- Detecting and exploiting improper session management
- Preventing authentication and session attacks
- Summary
5: Detecting and Exploiting Injection-Based Flaws
- Command injection
- SQL injection
- XML injection
- NoSQL injection
- Mitigation and prevention of injection vulnerabilities
- Summary
6: Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities
- An overview of Cross-Site Scripting
- Exploiting Cross-Site Scripting
- Scanning for XSS flaws
- Preventing and mitigating Cross-Site Scripting
- Summary
7: Cross-Site Request Forgery, Identification, and Exploitation
- Testing for CSRF flaws
- Exploiting a CSRF flaw
- Preventing CSRF
- Summary
8: Attacking Flaws in Cryptographic Implementations
- A cryptography primer
- Secure communication over SSL/TLS
- Identifying weak implementations of SSL/TLS
- Custom encryption protocols
- Common flaws in sensitive data storage and transmission
- Preventing flaws in cryptographic implementations
- Summary
9: AJAX, HTML5, and Client-Side Attacks
- Crawling AJAX applications
- Analyzing the client-side code and storage
- HTML5 for penetration testers
- Bypassing client-side controls
- Mitigating AJAX, HTML5, and client-side vulnerabilities
- Summary
10: Other Common Security Flaws in Web Applications
- Insecure direct object references
- File inclusion vulnerabilities
- HTTP parameter pollution
- Information disclosure
- Mitigation
- Summary
11: Using Automated Scanners on Web Applications
- Considerations before using an automated scanner
- Web application vulnerability scanners in Kali Linux
- Content Management Systems scanners
- Fuzzing web applications
- Post-scanning actions
- Summary
SKU | 031047S |
---|---|
Weight | 2.2490 |
Coming Soon | No |
Days of Training | No |
Audience | Student |
Product Family | Partnerware |
Product Type | Print Courseware |
Electronic | No |
ISBN | 1788623377 |
Language | English |
Page Count | 420 |
Curriculum Library | Linux |
Year | No |
Manufacturer's Product Code | No |
Current Revision | 1.0 |
Revision Notes | No Revision Information Available |
Original Publication Date | 2018-10-18 00:00:00 |