Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Web Penetration Testing with Kali Linux 2.0, Second Edition
  • Table Of Contents Toc
  • Feedback & Rating feedback
Web Penetration Testing with Kali Linux 2.0, Second Edition

Web Penetration Testing with Kali Linux 2.0, Second Edition

By : Juned Ahmed Ansari
4.2 (5)
Buy this Book
close
close
Web Penetration Testing with Kali Linux 2.0, Second Edition

Web Penetration Testing with Kali Linux 2.0, Second Edition

4.2 (5)
By: Juned Ahmed Ansari
Buy this Book

Overview of this book

Kali Linux 2.0 is the new generation of the industry-leading BackTrack Linux penetration testing and security auditing Linux distribution. It contains several hundred tools aimed at various information security tasks such as penetration testing, forensics, and reverse engineering. At the beginning of the book, you will be introduced to the concepts of hacking and penetration testing and will get to know about the tools used in Kali Linux 2.0 that relate to web application hacking. Then, you will gain a deep understanding of SQL and command injection flaws and ways to exploit the flaws. Moving on, you will get to know more about scripting and input validation flaws, AJAX, and the security issues related to AJAX. At the end of the book, you will use an automated technique called fuzzing to be able to identify flaws in a web application. Finally, you will understand the web application vulnerabilities and the ways in which they can be exploited using the tools in Kali Linux 2.0.
Table of Contents (13 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Get in touch
Lock Free Chapter
1
Introduction to Penetration Testing and Web Applications
Icon
Introduction to Penetration Testing and Web Applications
Icon
Proactive security testing
Icon
Considerations when performing penetration testing
Icon
Kali Linux
Icon
A web application overview for penetration testers
Icon
Summary
2
Setting Up Your Lab with Kali Linux
Icon
Setting Up Your Lab with Kali Linux
Icon
Kali Linux
Icon
Important tools in Kali Linux
Icon
Vulnerable applications and servers to practice on
Icon
Summary
3
Reconnaissance and Profiling the Web Server
Icon
Reconnaissance and Profiling the Web Server
Icon
Reconnaissance
Icon
Information gathering
Icon
Scanning – probing the target
Icon
Summary
4
Authentication and Session Management Flaws
chevron up
Icon
Authentication and Session Management Flaws
Icon
Authentication schemes in web applications
Icon
Session management mechanisms
Icon
Common authentication flaws in web applications
Icon
Detecting and exploiting improper session management
Icon
Preventing authentication and session attacks
Icon
Summary
5
Detecting and Exploiting Injection-Based Flaws
Icon
Detecting and Exploiting Injection-Based Flaws
Icon
Command injection
Icon
SQL injection
Icon
XML injection
Icon
NoSQL injection
Icon
Mitigation and prevention of injection vulnerabilities
Icon
Summary
6
Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities
Icon
Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities
Icon
An overview of Cross-Site Scripting
Icon
Exploiting Cross-Site Scripting
Icon
Scanning for XSS flaws
Icon
Preventing and mitigating Cross-Site Scripting
Icon
Summary
7
Cross-Site Request Forgery, Identification, and Exploitation
Icon
Cross-Site Request Forgery, Identification, and Exploitation
Icon
Testing for CSRF flaws
Icon
Exploiting a CSRF flaw
Icon
Preventing CSRF
Icon
Summary
8
Attacking Flaws in Cryptographic Implementations
Icon
Attacking Flaws in Cryptographic Implementations
Icon
A cryptography primer
Icon
Secure communication over SSL/TLS
Icon
Identifying weak implementations of SSL/TLS
Icon
Custom encryption protocols
Icon
Common flaws in sensitive data storage and transmission
Icon
Preventing flaws in cryptographic implementations
Icon
Summary
9
AJAX, HTML5, and Client-Side Attacks
Icon
AJAX, HTML5, and Client-Side Attacks
Icon
Crawling AJAX applications
Icon
Analyzing the client-side code and storage
Icon
HTML5 for penetration testers
Icon
Bypassing client-side controls
Icon
Mitigating AJAX, HTML5, and client-side vulnerabilities
Icon
Summary
10
Other Common Security Flaws in Web Applications
Icon
Other Common Security Flaws in Web Applications
Icon
Insecure direct object references
Icon
File inclusion vulnerabilities
Icon
HTTP parameter pollution
Icon
Information disclosure
Icon
Mitigation
Icon
Summary
11
Using Automated Scanners on Web Applications
Icon
Using Automated Scanners on Web Applications
Icon
Considerations before using an automated scanner
Icon
Web application vulnerability scanners in Kali Linux
Icon
Content Management Systems scanners
Icon
Fuzzing web applications
Icon
Post-scanning actions
Icon
Summary
12
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Leave a review – let other readers know what you think

Authentication issues

Authentication in a web application plays an important role as it verifies the identity of the user and allows the user to view and interact with only those contents that the user is authorized to access. In a web application, authentication is usually done by a combination of username and password.

Authentication protocols and flaws

Authentication is done in web applications using the following methods:

  • Basic authentication
  • Digest authentication
  • Integrated authentication
  • Form-based authentication

Basic authentication

In basic authentication, the username and password is transmitted over the network using the Base64 encoding which is very easy to reverse and acquire the clear text password. The credentials can easily be sniffed by an attacker if the transmission is not done over over a secure channel. These drawbacks should be enough to convince a developer to move over to more secure authentication methods.

Digest authentication

The digest mode authentication was introduced...

Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Web Penetration Testing with Kali Linux 2.0, Second Edition
End of Section 4
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon