- Web Penetration Testing with Kali Linux
- Joseph Muniz Aamir Lakhani
- 189字
- 2021-08-04 10:16:50
Reconnaissance objectives
- Target background: What is the focus of the target's business?
- Target's associates: Who are the business partners, vendors, and customers?
- Target's investment in security: Are security policies advertised? What is the potential investment security, and user security awareness?
- Target's business and security policies: How does the business operate? Where are the potential weaknesses in operation?
- Target's people: What type of people work there? How can they become your asset for the attack?
- Define targets: What are the lowest hanging fruit targets? What should be avoided?
- Target's network: How do the people and devices communicate on the network?
- Target's defenses: What type of security is in place? Where is it located?
- Target's technologies: What technologies are used for e-mail, network traffic, storing information, authentication, and so on? Are they vulnerable?
Kali Linux contains an extensive catalog of tools titled Information Gathering specified for Reconnaissance efforts. It could fill a separate book to cover all tools and methods offered for Information Gathering. This chapter will focus on various web application Reconnaissance topics and relate the best tools found on the Internet as well as that offered by Kali Linux.
推薦閱讀
- 大話PLC(輕松動漫版)
- 程序員面試筆試寶典
- 數據結構習題精解(C語言實現+微課視頻)
- MATLAB應用與實驗教程
- BeagleBone Black Cookbook
- 軟件測試實用教程
- Mastering Linux Security and Hardening
- Swift 4 Protocol-Oriented Programming(Third Edition)
- 從零開始學UI:概念解析、實戰提高、突破規則
- JavaScript前端開發基礎教程
- 測試工程師Python開發實戰
- Python程序設計教程
- Web前端開發精品課:HTML5 Canvas開發詳解
- 代碼整潔之道:程序員的職業素養
- C/C++程序設計教程:面向對象分冊