Book Image

Web Penetration Testing with Kali Linux - Third Edition

By : Gilberto Najera-Gutierrez, Juned Ahmed Ansari
Book Image

Web Penetration Testing with Kali Linux - Third Edition

By: Gilberto Najera-Gutierrez, Juned Ahmed Ansari

Overview of this book

Web Penetration Testing with Kali Linux - Third Edition shows you how to set up a lab, helps you understand the nature and mechanics of attacking websites, and explains classical attacks in great depth. This edition is heavily updated for the latest Kali Linux changes and the most recent attacks. Kali Linux shines when it comes to client-side attacks and fuzzing in particular. From the start of the book, you'll be given a thorough grounding in the concepts of hacking and penetration testing, and you'll see the tools used in Kali Linux that relate to web application hacking. You'll gain a deep understanding of classicalSQL, command-injection flaws, and the many ways to exploit these flaws. Web penetration testing also needs a general overview of client-side attacks, which is rounded out by a long discussion of scripting and input validation flaws. There is also an important chapter on cryptographic implementation flaws, where we discuss the most recent problems with cryptographic layers in the networking stack. The importance of these attacks cannot be overstated, and defending against them is relevant to most internet users and, of course, penetration testers. At the end of the book, you'll use an automated technique called fuzzing to identify flaws in a web application. Finally, you'll gain an understanding of web application vulnerabilities and the ways they can be exploited using the tools in Kali Linux.
Table of Contents (19 chapters)
Title Page
Copyright and Credits
Packt Upsell


This chapter was all about installing, configuring, and using Kali Linux. We started by explaining the different ways that Kali Linux can be installed and the scenarios where you can use it. Virtualizing Kali Linux is an attractive option, and we discussed the pros and cons for doing it. Once Kali Linux was up and running, we presented an overview of the major hacking tools that you will be using to test web applications. Burp Suite is a very interesting and feature-rich tool that we will be using throughout the book. We then discussed web vulnerability scanners which are of great use in identifying flaws and configuration issues in well-known web servers. We also talked about using Tor and Privoxy to emulate a real-world attacker who would hide their real identity and location. Finally, we reviewed some alternatives for building a testing lab and vulnerable web applications to test and develop your skills.

In the next chapter, we will perform reconnaissance, scan web applications...