Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Practical Web Penetration Testing
  • Table Of Contents Toc
Practical Web Penetration Testing

Practical Web Penetration Testing

By : Khawaja
4.2 (5)
Buy this Book
close
close
Practical Web Penetration Testing

Practical Web Penetration Testing

4.2 (5)
By: Khawaja
Buy this Book

Overview of this book

Companies all over the world want to hire professionals dedicated to application security. Practical Web Penetration Testing focuses on this very trend, teaching you how to conduct application security testing using real-life scenarios. To start with, you’ll set up an environment to perform web application penetration testing. You will then explore different penetration testing concepts such as threat modeling, intrusion test, infrastructure security threat, and more, in combination with advanced concepts such as Python scripting for automation. Once you are done learning the basics, you will discover end-to-end implementation of tools such as Metasploit, Burp Suite, and Kali Linux. Many companies deliver projects into production by using either Agile or Waterfall methodology. This book shows you how to assist any company with their SDLC approach and helps you on your journey to becoming an application security specialist. By the end of this book, you will have hands-on knowledge of using different tools for penetration testing.
Table of Contents (18 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Get in touch
Icon
Disclaimer
Lock Free Chapter
1
Building a Vulnerable Web Application Lab
Icon
Building a Vulnerable Web Application Lab
Icon
Downloading Mutillidae
Icon
Installing Mutillidae on Windows
Icon
Installing Mutillidae on Linux
Icon
Using Mutillidae
Icon
Summary
2
Kali Linux Installation
Icon
Kali Linux Installation
Icon
Introducing Kali Linux
Icon
Installing Kali Linux from scratch
Icon
Installing Kali on VMware
Icon
Installing Kali on VirtualBox
Icon
Bridged versus NAT versus Internal Network
Icon
Updating Kali Linux
Icon
Summary
3
Delving Deep into the Usage of Kali Linux
Icon
Delving Deep into the Usage of Kali Linux
Icon
The Kali filesystem structure
Icon
Handling applications and packages
Icon
Handling the filesystem in Kali
Icon
Security management
Icon
Secure shell protocol
Icon
Configuring network services in Kali
Icon
Process management commands
Icon
System info commands
Icon
Summary
4
All About Using Burp Suite
Icon
All About Using Burp Suite
Icon
An introduction to Burp Suite
Icon
A quick example
Icon
Visualizing the application structure using Burp Target
Icon
Intercepting the requests/responses using Burp Proxy
Icon
Crawling the web application using Burp Spider
Icon
Looking for web vulnerabilities using the scanner
Icon
Replaying web requests using the Repeater tab
Icon
Fuzzing web requests using the Intruder tab
Icon
Installing third-party apps using Burp Extender
Icon
Summary
5
Understanding Web Application Vulnerabilities
Icon
Understanding Web Application Vulnerabilities
Icon
File Inclusion
Icon
Cross-Site Scripting
Icon
Cross-Site Request Forgery
Icon
SQL Injection
Icon
Command Injection
Icon
OWASP Top 10
Icon
Summary
6
Application Security Pre-Engagement
Icon
Application Security Pre-Engagement
Icon
Introduction
Icon
The first meeting
Icon
Non-Disclosure Agreement
Icon
Kick-off meeting
Icon
Time and cost estimation
Icon
Statement of work
Icon
Penetration Test Agreement
Icon
External factors
Icon
Summary
7
Application Threat Modeling
chevron up
Icon
Application Threat Modeling
Icon
Software development life cycle
Icon
Application Threat Modeling at a glance
Icon
Application Threat Modeling in real life
Icon
Application Threat Modeling document parts
Icon
Practical example
Icon
Summary
8
Source Code Review
Icon
Source Code Review
Icon
Programming background
Icon
Enterprise secure coding guidelines
Icon
Static code analysis – manual scan versus automatic scan
Icon
Secure coding checklist
Icon
Summary
9
Network Penetration Testing
Icon
Network Penetration Testing
Icon
Passive information gathering – reconnaissance – OSINT
Icon
Active information gathering – services enumeration
Icon
Vulnerability assessment
Icon
Exploitation
Icon
Privilege escalation
Icon
Summary
10
Web Intrusion Tests
Icon
Web Intrusion Tests
Icon
Web Intrusion Test workflow
Icon
Identifying hidden contents
Icon
Common web page checklist
Icon
Special pages checklist
Icon
Reporting
Icon
Summary
11
Pentest Automation Using Python
Icon
Pentest Automation Using Python
Icon
Python IDE
Icon
Penetration testing automation
Icon
Summary
12
Nmap Cheat Sheet
Icon
Nmap Cheat Sheet
Icon
Target specification
Icon
Host discovery
Icon
Scan types and service versions
Icon
Port specification and scan order
Icon
Script scan
Icon
Timing and performance
Icon
Firewall/IDS evasion and spoofing
Icon
Output
13
Metasploit Cheat Sheet
Icon
Metasploit Cheat Sheet
Icon
Metasploit framework
14
Netcat Cheat Sheet
Icon
Netcat Cheat Sheet
Icon
Netcat command flags
Icon
Practical examples
15
Networking Reference Section
Icon
Networking Reference Section
Icon
Network subnets
Icon
Port numbers and services
16
Python Quick Reference
Icon
Python Quick Reference
Icon
Quick Python language overview
17
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Leave a review - let other readers know what you think

Practical example

Our practical example is based on the Company Name XYZ Inc. The marketing team in XYZ wants to add a blog page to attract more clients and they want to call the project xBlog. You attended a few kick-off meetings and now, finally, they have sent you the architecture document, and inside it, you have the following diagram:

According to this diagram, the clients (customers) will be able to access the blog from anywhere and they can add comments (the authentication process for customers is out of scope because clients will be authenticated through the main page of the company's website). On the other hand, the employees of XYZ can add a blog or approve a client comment through the WordPress CMS. Simple, right? Your job as an application security expert is to submit an ATM document to the project team before going to the architecture review board; let&apos...

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Practical Web Penetration Testing
End of Section 7
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon