Book Image

Web Penetration Testing with Kali Linux 2.0, Second Edition

Book Image

Web Penetration Testing with Kali Linux 2.0, Second Edition

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Web Penetration Testing with Kali Linux 2.0, Second Edition
Nov, 2015 | 312 pages
No titles found
Table of Contents (17 chapters)
Web Penetration Testing with Kali Linux Second Edition
Web Penetration Testing with Kali Linux Second Edition
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Introduction to Penetration Testing and Web Applications
Introduction to Penetration Testing and Web Applications
Proactive security testing
Rules of engagement
The limitations of penetration testing
The need for testing web applications
Social engineering attacks
A web application overview for penetration testers
Summary
2
Setting up Your Lab with Kali Linux
Setting up Your Lab with Kali Linux
Kali Linux
Important tools in Kali Linux
Using Tor for penetration testing
Summary
3
Reconnaissance and Profiling the Web Server
Reconnaissance and Profiling the Web Server
Reconnaissance
Scanning – probing the target
Summary
4
Major Flaws in Web Applications
Major Flaws in Web Applications
Information leakage
Authentication issues
Path traversal
Injection-based flaws
Cross-site scripting
Cross-site request forgery
Session-based flaws
File inclusion vulnerability
HTTP parameter pollution
HTTP response splitting
Summary
5
Attacking the Server Using Injection-based Flaws
Attacking the Server Using Injection-based Flaws
Command injection
SQL injection
Summary
6
Exploiting Clients Using XSS and CSRF Flaws
Exploiting Clients Using XSS and CSRF Flaws
The origin of cross-site scripting
An overview of cross-site scripting
Types of cross-site scripting
XSS and JavaScript – a deadly combination
Scanning for XSS flaws
Cross-site request forgery
Summary
7
Attacking SSL-based Websites
Attacking SSL-based Websites
Secure socket layer
Summary
8
Exploiting the Client Using Attack Frameworks
Exploiting the Client Using Attack Frameworks
Social engineering attacks
Social engineering toolkit
Spear-phishing attack
Website attack
Browser exploitation framework
Summary
9
AJAX and Web Services – Security Issues
AJAX and Web Services – Security Issues
Introduction to AJAX
Web services
Summary
10
Fuzzing Web Applications
Fuzzing Web Applications
Fuzzing basics
Types of fuzzing techniques
Summary
Index
Index

Chapter 7. Attacking SSL-based Websites

One of the main objectives of information security is protecting the confidentiality of the data. In a web application, the aim is to ensure that the data exchanged between the user and the application is secure and hidden from any third party. The data, when stored at the server also needs to be secured from hackers. Cryptography is used to protect the confidentiality as well as the integrity of data.

Encryption is the most widely accepted form of cryptography that is used to protect information. It is used to protect sensitive data against threats like sniffing or data being altered during storage and transmission. When the data flows on the network unencrypted, the attacker can tap in and sniff the data. If the sniffed data contains the authentication credentials, the attacker can hijack the session. Hence, we need encryption. When the data is encrypted, the plaintext is converted into cipher text, which can only be decrypted with the help of a secret...

Previous Section
End of Section 1
Next Section