Book description
Build your defense against web attacks with Kali Linux 2.0
About This Book
- Gain a deep understanding of the flaws in web applications and exploit them in a practical manner
- Get hands-on web application hacking experience with a range of tools in Kali Linux 2.0
- Develop the practical skills required to master multiple tools in the Kali Linux 2.0 toolkit
Who This Book Is For
If you are already working as a network penetration tester and want to expand your knowledge of web application hacking, then this book tailored for you. Those who are interested in learning more about the Kali Sana tools that are used to test web applications will find this book a thoroughly useful and interesting guide.
What You Will Learn
- Set up your lab with Kali Linux 2.0
- Identify the difference between hacking a web application and network hacking
- Understand the different techniques used to identify the flavor of web applications
- Expose vulnerabilities present in web servers and their applications using server-side attacks
- Use SQL and cross-site scripting (XSS) attacks
- Check for XSS flaws using the burp suite proxy
- Find out about the mitigation techniques used to negate the effects of the Injection and Blind SQL attacks
In Detail
Kali Linux 2.0 is the new generation of the industry-leading BackTrack Linux penetration testing and security auditing Linux distribution. It contains several hundred tools aimed at various information security tasks such as penetration testing, forensics, and reverse engineering.
At the beginning of the book, you will be introduced to the concepts of hacking and penetration testing and will get to know about the tools used in Kali Linux 2.0 that relate to web application hacking. Then, you will gain a deep understanding of SQL and command injection flaws and ways to exploit the flaws. Moving on, you will get to know more about scripting and input validation flaws, AJAX, and the security issues related to AJAX.
At the end of the book, you will use an automated technique called fuzzing to be able to identify flaws in a web application. Finally, you will understand the web application vulnerabilities and the ways in which they can be exploited using the tools in Kali Linux 2.0.
Style and approach
This step-by-step guide covers each topic with detailed practical examples. Every concept is explained with the help of illustrations using the tools available in Kali Linux 2.0.
Table of contents
-
Web Penetration Testing with Kali Linux Second Edition
- Table of Contents
- Web Penetration Testing with Kali Linux Second Edition
- Credits
- About the Author
- About the Reviewers
- www.PacktPub.com
- Preface
-
1. Introduction to Penetration Testing and Web Applications
- Proactive security testing
- Rules of engagement
- The limitations of penetration testing
- The need for testing web applications
- Social engineering attacks
- A web application overview for penetration testers
- Summary
- 2. Setting up Your Lab with Kali Linux
-
3. Reconnaissance and Profiling the Web Server
- Reconnaissance
-
Scanning – probing the target
- Port scanning using Nmap
- Identifying the operating system using Nmap
- Profiling the server
- Summary
- 4. Major Flaws in Web Applications
-
5. Attacking the Server Using Injection-based Flaws
- Command injection
- SQL injection
- Summary
- 6. Exploiting Clients Using XSS and CSRF Flaws
- 7. Attacking SSL-based Websites
- 8. Exploiting the Client Using Attack Frameworks
- 9. AJAX and Web Services – Security Issues
- 10. Fuzzing Web Applications
- Index
Product information
- Title: Web Penetration Testing with Kali Linux - Second Edition
- Author(s):
- Release date: November 2015
- Publisher(s): Packt Publishing
- ISBN: 9781783988525
You might also like
book
Web Penetration Testing with Kali Linux - Third Edition
Build your defense against web attacks with Kali Linux, including command injection flaws, crypto implementation layers, …
book
Web Penetration Testing with Kali Linux
Testing web security is best done through simulating an attack. Kali Linux lets you do this …
book
Mastering Kali Linux for Advanced Penetration Testing - Second Edition
A practical guide to testing your network’s security with Kali Linux, the preferred choice of penetration …
book
Mastering Kali Linux for Advanced Penetration Testing - Third Edition
A practical guide to testing your infrastructure security with Kali Linux, the preferred choice of pentesters …