7. Pentesting of SQLI and XSS | Python Penetration Testing Essentials

Sign In Start Free Trial

Book Overview & Buying
Table Of Contents

Python Penetration Testing Essentials

By : Mohit Raj

3 (9)

Python Penetration Testing Essentials

3 (9)

By: Mohit Raj

Overview of this book

If you are a Python programmer or a security researcher who has basic knowledge of Python programming and want to learn about penetration testing with the help of Python, this book is ideal for you. Even if you are new to the field of ethical hacking, this book can help you find the vulnerabilities in your system so that you are ready to tackle any kind of attack or intrusion.

Preface

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Free Chapter

1. Python with Penetration Testing and Networking

1. Python with Penetration Testing and Networking

Introducing the scope of pentesting

Approaches to pentesting

Introducing Python scripting

Understanding the tests and tools you'll need

Learning the common testing platforms with Python

Network sockets

Server socket methods

Client socket methods

General socket methods

Moving on to the practical

Summary

2. Scanning Pentesting

2. Scanning Pentesting

How to check live systems in a network and the concept of a live system

What are the services running on the target machine?

Summary

3. Sniffing and Penetration Testing

3. Sniffing and Penetration Testing

Introducing a network sniffer

Implementing a network sniffer using Python

Learning about packet crafting

Introducing ARP spoofing and implementing it using Python

Testing the security system using custom packet crafting and injection

Summary

4. Wireless Pentesting

4. Wireless Pentesting

Wireless SSID finding and wireless traffic analysis by Python

Wireless attacks

Summary

5. Foot Printing of a Web Server and a Web Application

5. Foot Printing of a Web Server and a Web Application

The concept of foot printing of a web server

Introducing information gathering

Information gathering of a website from SmartWhois by the parser BeautifulSoup

Banner grabbing of a website

Hardening of a web server

Summary

6. Client-side and DDoS Attacks

6. Client-side and DDoS Attacks

Introducing client-side validation

Tampering with the client-side parameter with Python

Effects of parameter tampering on business

Introducing DoS and DDoS

Summary

7. Pentesting of SQLI and XSS

7. Pentesting of SQLI and XSS

Introducing the SQL injection attack

Types of SQL injections

Understanding the SQL injection attack by a Python script

Learning about Cross-Site scripting

Summary

Index

Index

Introducing the SQL injection attack

SQL injection is a technique, or you could say, an expert technique, that is used to steal data by taking advantage of a nonvalidated input vulnerability. The method by which a web application works can be seen in the following figure:

The method by which a web application works

If our query were not validated, then it would go to the database for execution, and it might then reveal sensitive data or delete data. How data-driven websites work is shown in the preceding figure. In this figure, we are shown that the client opens the web page on a local computer. The host is connected to a web server by the Internet. The preceding figure clearly shows the method by which the web application interacts with the database of a web server.

CONTINUE READING

83

Tech Concepts

36

Programming languages

73

Tech Tools

Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.

Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.

50+ new titles added per month and exclusive early access to books as they are being written.

Python Penetration Testing Essentials

Search

Your notes and bookmarks