Web Penetration Testing with Kali Linux(Third Edition)
Since this book sets out to cover a large number of tools and security fields, it can work as an introduction to practical security skills for beginners in security. In addition, web programmers and also system administrators would benefit from this rigorous introduction to web penetration testing. Basic system administration skills are necessary, and the ability to read code is a must.
Latest chapters
- Leave a review – let other readers know what you think
- Other Books You May Enjoy
- Summary
- Post-scanning actions
- Burp Intruder
- Using the OWASP-ZAP fuzzer
Brand: 中圖公司
Listed: 2021-06-24 17:56:08
Publisher: Packt Publishing
The digital rights to this book are provided by 中圖公司, which has licensed 上海閱文信息技術有限公司 to produce and distribute this edition.
Table of contents
- coverpage
- Title Page
- Dedication
- Packt Upsell
- Why subscribe?
- PacktPub.com
- Contributors
- About the authors
- About the reviewer
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the example code files
- Download the color images
- Conventions used
- Get in touch
- Reviews
- Introduction to Penetration Testing and Web Applications
- Proactive security testing
- Different testing methodologies
- Ethical hacking
- Penetration testing
- Vulnerability assessment
- Security audits
- Considerations when performing penetration testing
- Rules of Engagement
- The type and scope of testing
- Client contact details
- Client IT team notifications
- Sensitive data handling
- Status meeting and reports
- The limitations of penetration testing
- The need for testing web applications
- Reasons to guard against attacks on web applications
- Kali Linux
- A web application overview for penetration testers
- HTTP protocol
- Knowing an HTTP request and response
- The request header
- The response header
- HTTP methods
- The GET method
- The POST method
- The HEAD method
- The TRACE method
- The PUT and DELETE methods
- The OPTIONS method
- Keeping sessions in HTTP
- Cookies
- Cookie flow between server and client
- Persistent and nonpersistent cookies
- Cookie parameters
- HTML data in HTTP response
- The server-side code
- Multilayer web application
- Three-layer web application design
- Web services
- Introducing SOAP and REST web services
- HTTP methods in web services
- XML and JSON
- AJAX
- Building blocks of AJAX
- The AJAX workflow
- HTML5
- WebSockets
- Summary
- Setting Up Your Lab with Kali Linux
- Kali Linux
- Latest improvements in Kali Linux
- Installing Kali Linux
- Virtualizing Kali Linux versus installing it on physical hardware
- Installing on VirtualBox
- Creating the virtual machine
- Installing the system
- Important tools in Kali Linux
- CMS & Framework Identification
- WPScan
- JoomScan
- CMSmap
- Web Application Proxies
- Burp Proxy
- Customizing client interception
- Modifying requests on the fly
- Burp Proxy with HTTPS websites
- Zed Attack Proxy
- ProxyStrike
- Web Crawlers and Directory Bruteforce
- DIRB
- DirBuster
- Uniscan
- Web Vulnerability Scanners
- Nikto
- w3af
- Skipfish
- Other tools
- OpenVAS
- Database exploitation
- Web application fuzzers
- Using Tor for penetration testing
- Vulnerable applications and servers to practice on
- OWASP Broken Web Applications
- Hackazon
- Web Security Dojo
- Other resources
- Summary
- Reconnaissance and Profiling the Web Server
- Reconnaissance
- Passive reconnaissance versus active reconnaissance
- Information gathering
- Domain registration details
- Whois – extracting domain information
- Identifying related hosts using DNS
- Zone transfer using dig
- DNS enumeration
- DNSEnum
- Fierce
- DNSRecon
- Brute force DNS records using Nmap
- Using search engines and public sites to gather information
- Google dorks
- Shodan
- theHarvester
- Maltego
- Recon-ng – a framework for information gathering
- Domain enumeration using Recon-ng
- Sub-level and top-level domain enumeration
- Reporting modules
- Scanning – probing the target
- Port scanning using Nmap
- Different options for port scan
- Evading firewalls and IPS using Nmap
- Identifying the operating system
- Profiling the server
- Identifying virtual hosts
- Locating virtual hosts using search engines
- Identifying load balancers
- Cookie-based load balancer
- Other ways of identifying load balancers
- Application version fingerprinting
- The Nmap version scan
- The Amap version scan
- Fingerprinting the web application framework
- The HTTP header
- The WhatWeb scanner
- Scanning web servers for vulnerabilities and misconfigurations
- Identifying HTTP methods using Nmap
- Testing web servers using auxiliary modules in Metasploit
- Identifying HTTPS configuration and issues
- OpenSSL client
- Scanning TLS/SSL configuration with SSLScan
- Scanning TLS/SSL configuration with SSLyze
- Testing TLS/SSL configuration using Nmap
- Spidering web applications
- Burp Spider
- Application login
- Directory brute forcing
- DIRB
- ZAP's forced browse
- Summary
- Authentication and Session Management Flaws
- Authentication schemes in web applications
- Platform authentication
- Basic
- Digest
- NTLM
- Kerberos
- HTTP Negotiate
- Drawbacks of platform authentication
- Form-based authentication
- Two-factor Authentication
- OAuth
- Session management mechanisms
- Sessions based on platform authentication
- Session identifiers
- Common authentication flaws in web applications
- Lack of authentication or incorrect authorization verification
- Username enumeration
- Discovering passwords by brute force and dictionary attacks
- Attacking basic authentication with THC Hydra
- Attacking form-based authentication
- Using Burp Suite Intruder
- Using THC Hydra
- The password reset functionality
- Recovery instead of reset
- Common password reset flaws
- Vulnerabilities in 2FA implementations
- Detecting and exploiting improper session management
- Using Burp Sequencer to evaluate the quality of session IDs
- Predicting session IDs
- Session Fixation
- Preventing authentication and session attacks
- Authentication guidelines
- Session management guidelines
- Summary
- Detecting and Exploiting Injection-Based Flaws
- Command injection
- Identifying parameters to inject data
- Error-based and blind command injection
- Metacharacters for command separator
- Exploiting shellshock
- Getting a reverse shell
- Exploitation using Metasploit
- SQL injection
- An SQL primer
- The SELECT statement
- Vulnerable code
- SQL injection testing methodology
- Extracting data with SQL injection
- Getting basic environment information
- Blind SQL injection
- Automating exploitation
- sqlninja
- BBQSQL
- sqlmap
- Attack potential of the SQL injection flaw
- XML injection
- XPath injection
- XPath injection with XCat
- The XML External Entity injection
- The Entity Expansion attack
- NoSQL injection
- Testing for NoSQL injection
- Exploiting NoSQL injection
- Mitigation and prevention of injection vulnerabilities
- Summary
- Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities
- An overview of Cross-Site Scripting
- Persistent XSS
- Reflected XSS
- DOM-based XSS
- XSS using the POST method
- Exploiting Cross-Site Scripting
- Cookie stealing
- Website defacing
- Key loggers
- Taking control of the user's browser with BeEF-XSS
- Scanning for XSS flaws
- XSSer
- XSS-Sniper
- Preventing and mitigating Cross-Site Scripting
- Summary
- Cross-Site Request Forgery Identification and Exploitation
- Testing for CSRF flaws
- Exploiting a CSRF flaw
- Exploiting CSRF in a POST request
- CSRF on web services
- Using Cross-Site Scripting to bypass CSRF protections
- Preventing CSRF
- Summary
- Attacking Flaws in Cryptographic Implementations
- A cryptography primer
- Algorithms and modes
- Asymmetric encryption versus symmetric encryption
- Symmetric encryption algorithm
- Stream and block ciphers
- Initialization Vectors
- Block cipher modes
- Hashing functions
- Salt values
- Secure communication over SSL/TLS
- Secure communication in web applications
- TLS encryption process
- Identifying weak implementations of SSL/TLS
- The OpenSSL command-line tool
- SSLScan
- SSLyze
- Testing SSL configuration using Nmap
- Exploiting Heartbleed
- POODLE
- Custom encryption protocols
- Identifying encrypted and hashed information
- Hashing algorithms
- hash-identifier
- Frequency analysis
- Entropy analysis
- Identifying the encryption algorithm
- Common flaws in sensitive data storage and transmission
- Using offline cracking tools
- Using John the Ripper
- Using Hashcat
- Preventing flaws in cryptographic implementations
- Summary
- AJAX, HTML5, and Client-Side Attacks
- Crawling AJAX applications
- AJAX Crawling Tool
- Sprajax
- The AJAX Spider – OWASP ZAP
- Analyzing the client-side code and storage
- Browser developer tools
- The Inspector panel
- The Debugger panel
- The Console panel
- The Network panel
- The Storage panel
- The DOM panel
- HTML5 for penetration testers
- New XSS vectors
- New elements
- New properties
- Local storage and client databases
- Web Storage
- IndexedDB
- Web Messaging
- WebSockets
- Intercepting and modifying WebSockets
- Other relevant features of HTML5
- Cross-Origin Resource Sharing (CORS)
- Geolocation
- Web Workers
- Bypassing client-side controls
- Mitigating AJAX, HTML5, and client-side vulnerabilities
- Summary
- Other Common Security Flaws in Web Applications
- Insecure direct object references
- Direct object references in web services
- Path traversal
- File inclusion vulnerabilities
- Local File Inclusion
- Remote File Inclusion
- HTTP parameter pollution
- Information disclosure
- Mitigation
- Insecure direct object references
- File inclusion attacks
- HTTP parameter pollution
- Information disclosure
- Summary
- Using Automated Scanners on Web Applications
- Considerations before using an automated scanner
- Web application vulnerability scanners in Kali Linux
- Nikto
- Skipfish
- Wapiti
- OWASP-ZAP scanner
- Content Management Systems scanners
- WPScan
- JoomScan
- CMSmap
- Fuzzing web applications
- Using the OWASP-ZAP fuzzer
- Burp Intruder
- Post-scanning actions
- Summary
- Other Books You May Enjoy
- Leave a review – let other readers know what you think (updated 2021-06-24 18:45:57)