Book Image

Web Penetration Testing with Kali Linux 2.0, Second Edition

Book Image

Web Penetration Testing with Kali Linux 2.0, Second Edition

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Web Penetration Testing with Kali Linux 2.0, Second Edition
Nov, 2015 | 312 pages
No titles found
Table of Contents (17 chapters)
Web Penetration Testing with Kali Linux Second Edition
Web Penetration Testing with Kali Linux Second Edition
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Introduction to Penetration Testing and Web Applications
Introduction to Penetration Testing and Web Applications
Proactive security testing
Rules of engagement
The limitations of penetration testing
The need for testing web applications
Social engineering attacks
A web application overview for penetration testers
Summary
2
Setting up Your Lab with Kali Linux
Setting up Your Lab with Kali Linux
Kali Linux
Important tools in Kali Linux
Using Tor for penetration testing
Summary
3
Reconnaissance and Profiling the Web Server
Reconnaissance and Profiling the Web Server
Reconnaissance
Scanning – probing the target
Summary
4
Major Flaws in Web Applications
Major Flaws in Web Applications
Information leakage
Authentication issues
Path traversal
Injection-based flaws
Cross-site scripting
Cross-site request forgery
Session-based flaws
File inclusion vulnerability
HTTP parameter pollution
HTTP response splitting
Summary
5
Attacking the Server Using Injection-based Flaws
Attacking the Server Using Injection-based Flaws
Command injection
SQL injection
Summary
6
Exploiting Clients Using XSS and CSRF Flaws
Exploiting Clients Using XSS and CSRF Flaws
The origin of cross-site scripting
An overview of cross-site scripting
Types of cross-site scripting
XSS and JavaScript – a deadly combination
Scanning for XSS flaws
Cross-site request forgery
Summary
7
Attacking SSL-based Websites
Attacking SSL-based Websites
Secure socket layer
Summary
8
Exploiting the Client Using Attack Frameworks
Exploiting the Client Using Attack Frameworks
Social engineering attacks
Social engineering toolkit
Spear-phishing attack
Website attack
Browser exploitation framework
Summary
9
AJAX and Web Services – Security Issues
AJAX and Web Services – Security Issues
Introduction to AJAX
Web services
Summary
10
Fuzzing Web Applications
Fuzzing Web Applications
Fuzzing basics
Types of fuzzing techniques
Summary
Index
Index

About the Reviewers

Olivier Le Moal is a young System Security Engineer, working in the French online poker industry. He is an open source enthusiast and holds OSCP certification. He also runs a French security blog (blog.olivierlemoal.fr).

Gilberto Najera-Gutierrez leads the Security Testing Team (STT) at Sm4rt Security Services, one of the top security firms in Mexico. He also is an Offensive Security Certified Professional (OSCP), an EC-Council Certified Security Administrator (ECSA) and holds a Master's degree in Computer Science with specialization in Artificial Intelligence.Working as a Penetration Tester since 2013 and being a security enthusiast since high school, he has successfully conducted penetration tests to networks and applications of some the biggest corporations in Mexico, government agencies, and financial institutions.

Janusz Oppermann is an enthusiastic and passionate security specialist and ethical hacker. He is currently working at Deloitte The Netherlands as an ethical hacker/security professional. He is experienced with security testing of (wifi-) network infrastructures, web applications, and mobile applications. Because of his broad experience with network infrastructures and security solutions in different types of organizations, he is able to find security issues, estimate risks, and give consultations on the subject. He holds several security-related certifications such as CISSP, OSCP, CCNP Security, and CEH.

Previous Section
Next Chapter