Packt+ | Advance your knowledge in tech

You're reading from Web Penetration Testing with Kali Linux Explore the methods and tools of ethical hacking with Kali Linux

Product type Paperback

Published in Feb 2018

Publisher

ISBN-13 9781788623377

Length 426 pages

Edition 3rd Edition

Tools

Kali Linux

Concepts

Ethical Hacking

Authors (3):

Juned Ahmed Ansari

Daniel W. Dieterle

Gilberto Najera-Gutierrez

View More author details

Table of Contents (13) Chapters

Preface

1. Introduction to Penetration Testing and Web Applications FREE CHAPTER

2. Setting Up Your Lab with Kali Linux

3. Reconnaissance and Profiling the Web Server

4. Authentication and Session Management Flaws

5. Detecting and Exploiting Injection-Based Flaws

6. Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities

7. Cross-Site Request Forgery, Identification, and Exploitation

8. Attacking Flaws in Cryptographic Implementations

9. AJAX, HTML5, and Client-Side Attacks

10. Other Common Security Flaws in Web Applications

11. Using Automated Scanners on Web Applications

12. Other Books You May Enjoy

Leave a review – let other readers know what you think

Custom encryption protocols

As penetration testers, it's not uncommon to find applications where developers make custom implementations of standard encryption protocols or attempt to create their own custom algorithms. In such cases, you need to pay special attention to these modules, as they may contain several flaws that could prove catastrophic if released into production environments.

As stated previously, encryption algorithms are created by information security experts and mathematicians specialized in cryptography through years of experimentation and testing. It is highly improbable for a single developer or small team to design a cryptographically strong algorithm or to improve on an intensively tested implementation such as OpenSSL or the established cryptographic libraries of programming languages.