Book Image

Web Penetration Testing with Kali Linux 2.0, Second Edition

Book Image

Web Penetration Testing with Kali Linux 2.0, Second Edition

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Web Penetration Testing with Kali Linux 2.0, Second Edition
Nov, 2015 | 312 pages
No titles found
Table of Contents (17 chapters)
Web Penetration Testing with Kali Linux Second Edition
Web Penetration Testing with Kali Linux Second Edition
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Introduction to Penetration Testing and Web Applications
Introduction to Penetration Testing and Web Applications
Proactive security testing
Rules of engagement
The limitations of penetration testing
The need for testing web applications
Social engineering attacks
A web application overview for penetration testers
Summary
2
Setting up Your Lab with Kali Linux
Setting up Your Lab with Kali Linux
Kali Linux
Important tools in Kali Linux
Using Tor for penetration testing
Summary
3
Reconnaissance and Profiling the Web Server
Reconnaissance and Profiling the Web Server
Reconnaissance
Scanning – probing the target
Summary
4
Major Flaws in Web Applications
Major Flaws in Web Applications
Information leakage
Authentication issues
Path traversal
Injection-based flaws
Cross-site scripting
Cross-site request forgery
Session-based flaws
File inclusion vulnerability
HTTP parameter pollution
HTTP response splitting
Summary
5
Attacking the Server Using Injection-based Flaws
Attacking the Server Using Injection-based Flaws
Command injection
SQL injection
Summary
6
Exploiting Clients Using XSS and CSRF Flaws
Exploiting Clients Using XSS and CSRF Flaws
The origin of cross-site scripting
An overview of cross-site scripting
Types of cross-site scripting
XSS and JavaScript – a deadly combination
Scanning for XSS flaws
Cross-site request forgery
Summary
7
Attacking SSL-based Websites
Attacking SSL-based Websites
Secure socket layer
Summary
8
Exploiting the Client Using Attack Frameworks
Exploiting the Client Using Attack Frameworks
Social engineering attacks
Social engineering toolkit
Spear-phishing attack
Website attack
Browser exploitation framework
Summary
9
AJAX and Web Services – Security Issues
AJAX and Web Services – Security Issues
Introduction to AJAX
Web services
Summary
10
Fuzzing Web Applications
Fuzzing Web Applications
Fuzzing basics
Types of fuzzing techniques
Summary
Index
Index

Summary

We have to deal with flaws in web applications at every level. Some of the flaws are due to default configuration, but the majority of them exist because security risks are not considered when developing the application. Secure software development lifecycle is the way forward which factors in the security aspects of the application at every stage of development, that is, from requirement gathering till the final release of the product. As discussed in this chapter, proper input validation holds the key to mitigate majority of the attacks and the attacker would always be on their toes, trying to circumvent the mitigation. Adding security at each stage of application development will reduce the overall risk in the software produced.

In the next chapter, we will look at injection flaws and different ways to exploit them using the tools in Kali Linux.

Previous Section
End of Chapter 4
Next Chapter