Book Image

Web Penetration Testing with Kali Linux

Book Image

Web Penetration Testing with Kali Linux

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Web Penetration Testing with Kali Linux
Nov, 2015 | 312 pages
No titles found
Table of Contents (17 chapters)
Web Penetration Testing with Kali Linux Second Edition
Web Penetration Testing with Kali Linux Second Edition
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Introduction to Penetration Testing and Web Applications
Introduction to Penetration Testing and Web Applications
Proactive security testing
Rules of engagement
The limitations of penetration testing
The need for testing web applications
Social engineering attacks
A web application overview for penetration testers
Summary
2
Setting up Your Lab with Kali Linux
Setting up Your Lab with Kali Linux
Kali Linux
Important tools in Kali Linux
Using Tor for penetration testing
Summary
3
Reconnaissance and Profiling the Web Server
Reconnaissance and Profiling the Web Server
Reconnaissance
Scanning – probing the target
Summary
4
Major Flaws in Web Applications
Major Flaws in Web Applications
Information leakage
Authentication issues
Path traversal
Injection-based flaws
Cross-site scripting
Cross-site request forgery
Session-based flaws
File inclusion vulnerability
HTTP parameter pollution
HTTP response splitting
Summary
5
Attacking the Server Using Injection-based Flaws
Attacking the Server Using Injection-based Flaws
Command injection
SQL injection
Summary
6
Exploiting Clients Using XSS and CSRF Flaws
Exploiting Clients Using XSS and CSRF Flaws
The origin of cross-site scripting
An overview of cross-site scripting
Types of cross-site scripting
XSS and JavaScript – a deadly combination
Scanning for XSS flaws
Cross-site request forgery
Summary
7
Attacking SSL-based Websites
Attacking SSL-based Websites
Secure socket layer
Summary
8
Exploiting the Client Using Attack Frameworks
Exploiting the Client Using Attack Frameworks
Social engineering attacks
Social engineering toolkit
Spear-phishing attack
Website attack
Browser exploitation framework
Summary
9
AJAX and Web Services – Security Issues
AJAX and Web Services – Security Issues
Introduction to AJAX
Web services
Summary
10
Fuzzing Web Applications
Fuzzing Web Applications
Fuzzing basics
Types of fuzzing techniques
Summary
Index
Index

Types of fuzzing techniques

Fuzzing can be broadly categorized as smart and dumb fuzzing. In technical terms, it is known as Mutation fuzzing and Generation fuzzing. Providing random data as input is what fuzzing is all about. The input can be entirely random with no relation and knowledge about what the desired input should look like, or the input can be generated emulating valid input data with some alteration (hence the name generation fuzzing).

Mutation fuzzing

Mutation fuzzing, or Dumb fuzzing, employs a faster approach using sample data, but it lacks understanding of the format and structure of the desired input. Using Mutation fuzzing, you can create your fuzzer without much effort. The Mutation fuzzing technique uses a sample input and mutates it in a random way. For each fuzzing attempt, the data is mutated resulting in different input on subsequent fuzzing attempts. Bit flipping is one of methods that a Mutation fuzzer can use. A Dumb fuzzer could be as simple as piping the output...

Previous Section
End of Section 3
Next Section