Book Image

Web Penetration Testing with Kali Linux 2.0, Second Edition

Book Image

Web Penetration Testing with Kali Linux 2.0, Second Edition

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Web Penetration Testing with Kali Linux 2.0, Second Edition
Nov, 2015 | 312 pages
No titles found
Table of Contents (17 chapters)
Web Penetration Testing with Kali Linux Second Edition
Web Penetration Testing with Kali Linux Second Edition
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Introduction to Penetration Testing and Web Applications
Introduction to Penetration Testing and Web Applications
Proactive security testing
Rules of engagement
The limitations of penetration testing
The need for testing web applications
Social engineering attacks
A web application overview for penetration testers
Summary
2
Setting up Your Lab with Kali Linux
Setting up Your Lab with Kali Linux
Kali Linux
Important tools in Kali Linux
Using Tor for penetration testing
Summary
3
Reconnaissance and Profiling the Web Server
Reconnaissance and Profiling the Web Server
Reconnaissance
Scanning – probing the target
Summary
4
Major Flaws in Web Applications
Major Flaws in Web Applications
Information leakage
Authentication issues
Path traversal
Injection-based flaws
Cross-site scripting
Cross-site request forgery
Session-based flaws
File inclusion vulnerability
HTTP parameter pollution
HTTP response splitting
Summary
5
Attacking the Server Using Injection-based Flaws
Attacking the Server Using Injection-based Flaws
Command injection
SQL injection
Summary
6
Exploiting Clients Using XSS and CSRF Flaws
Exploiting Clients Using XSS and CSRF Flaws
The origin of cross-site scripting
An overview of cross-site scripting
Types of cross-site scripting
XSS and JavaScript – a deadly combination
Scanning for XSS flaws
Cross-site request forgery
Summary
7
Attacking SSL-based Websites
Attacking SSL-based Websites
Secure socket layer
Summary
8
Exploiting the Client Using Attack Frameworks
Exploiting the Client Using Attack Frameworks
Social engineering attacks
Social engineering toolkit
Spear-phishing attack
Website attack
Browser exploitation framework
Summary
9
AJAX and Web Services – Security Issues
AJAX and Web Services – Security Issues
Introduction to AJAX
Web services
Summary
10
Fuzzing Web Applications
Fuzzing Web Applications
Fuzzing basics
Types of fuzzing techniques
Summary
Index
Index

Summary

This chapter was all about Kali Linux. We started by understanding the different ways in which Kali Linux can be installed and scenarios where we would be using it. Virtualizing Kali Linux is an attractive option and we discussed the pro and cons for it. Once we had Kali Linux up and running, we did an overview of the major hacking tools that we would be using to test web applications. Burp suite is a really interesting and feature-rich tool that we would be using throughout the book. We then discussed web vulnerability scanners that are of great use to identify flaws and configuration issues in well-known web servers. Finally, we set up Tor and Privoxy to emulate a real world attacker that would hide his or her real identity and location.

In the next chapter, we would perform reconnaissance, scan web applications, and identify underlying technologies used that would act as a base for further exploitation.

Previous Section
End of Chapter 2
Next Chapter