Reconnaissance is a term and a technique used by defence forces to obtain information about the enemy in a way that does not alert the other side. The same method is applied by a malicious user to obtain information related to the target. Information gathering is the main aim of reconnaissance. Any information gathered at this initial stage is to be considered important. The attacker working with a malicious content builds on the information learned during the reconnaissance stage and gradually moves ahead with the exploitation. A small bit of information that looks innocuous may help you in highlighting a severe flaw in the later stages of the test. A good penetration tester is the one who knows how to identify low risk vulnerabilities that have a potential of causing huge damage under some conditions. An attacker would be eyeing a single vulnerability to exploit, and your task is to make the system hack-proof by identifying even the smallest vulnerability that the attacker...
Web Penetration Testing with Kali Linux 2.0, Second Edition
Web Penetration Testing with Kali Linux 2.0, Second Edition
Overview of this book
Table of Contents (17 chapters)
Web Penetration Testing with Kali Linux Second Edition
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
Free Chapter
Introduction to Penetration Testing and Web Applications
Setting up Your Lab with Kali Linux
Reconnaissance and Profiling the Web Server
Major Flaws in Web Applications
Attacking the Server Using Injection-based Flaws
Exploiting Clients Using XSS and CSRF Flaws
Attacking SSL-based Websites
Exploiting the Client Using Attack Frameworks
AJAX and Web Services – Security Issues
Fuzzing Web Applications
Index
Customer Reviews