Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Free Learning

You're reading from Hands-On Web Penetration Testing with Metasploit The subtle art of using Metasploit 5.0 for web application exploitation

Product type Paperback

Published in May 2020

Publisher Packt

ISBN-13 9781789953527

Length 544 pages

Edition 1st Edition

Languages

Python

Tools

Metasploit

Concepts

Penetration Testing

Authors (2):

Harpreet Singh

Himanshu Sharma

View More author details

Table of Contents (23) Chapters

Preface

1. Introduction

2. Introduction to Web Application Penetration Testing FREE CHAPTER

3. Metasploit Essentials

4. The Metasploit Web Interface

5. The Pentesting Life Cycle with Metasploit

6. Using Metasploit for Reconnaissance

7. Web Application Enumeration Using Metasploit

8. Vulnerability Scanning Using WMAP

9. Vulnerability Assessment Using Metasploit (Nessus)

10. Pentesting Content Management Systems (CMSes)

11. Pentesting CMSes - WordPress

12. Pentesting CMSes - Joomla

13. Pentesting CMSes - Drupal

14. Performing Pentesting on Technological Platforms

15. Penetration Testing on Technological Platforms - JBoss

16. Penetration Testing on Technological Platforms - Apache Tomcat

17. Penetration Testing on Technological Platforms - Jenkins

18. Logical Bug Hunting

19. Web Application Fuzzing - Logical Bug Hunting

20. Writing Penetration Testing Reports

21. Assessment

22. Other Books You May Enjoy

Leave a review - let other readers know what you think

Chapter 1

Yes, there is. There's a CWE list maintained by MITRE that can be found at https://cwe.mitre.org/.
The OWASP Top 10 can be found at https://owasp.org/www-project-top-ten/, while the SANS Top 25 can be found at https://www.sans.org/top25-software-errors/.
Many of the tools that are used in a typical penetration test are open source, such as Nmap, and the Metasploit framework. However, there are some really efficient tools on the market that can be used as well, including BurpSuite Professional and Nessus Professional.
An OSSTMM penetration test can be one of six different types, depending on the nature and scope of the engagement. PTES-based penetration tests are categorized under very generic test types, such as white box, gray box, and black box. As PTES is the industry standard, most penetration tests use the PTES methodology.

...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (2)

Harpreet Singh

Harpreet is a professional with 8+ years of experience in the field of Ethical Hacking, Penetration Testing, Vulnerability Research & Red Teaming. He is the author of "Hands-On: Web Penetration Testing with Metasploit" and "Hands-On: Red Team Tactics" published by Packt Publishing. He's also an OSCP, OSWP, CRTP certified professional. Over the years of his experience, Harpreet has acquired the Offensive & Defensive skill set. He is a professional who specializes in Wireless & network exploitation including but not limited to Mobile exploitation, Web Application exploitation and he has also performed few Red Team Engagements in Banks & Financial Groups.

See other products by Harpreet Singh

Himanshu Sharma

Himanshu Sharma has been in the field of security since 2009 and has been listed in the halls of fame of Apple, Google, Microsoft, Facebook, and many more. He has helped celebrities such as Harbhajan Singh in recovering their hacked accounts. He has been a speaker at various conferences worldwide such as BotConf, CONFidence, Hack In the Box, SINCON, Sec-T, Hackcon, and numerous others. Currently, he is the co-founder of BugsBounty. He also authored multiple bestsellers titled "Kali Linux - An Ethical Hacker's Cookbook", " Hands-On Red Team Tactics" and "Hands-On Web Pentesting with Metasploit."

See other products by Himanshu Sharma