Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Mastering Kali Linux for Web Penetration Testing The ultimate defense against complex organized threats and attacks

Product type Paperback

Published in Jun 2017

Publisher Packt

ISBN-13 9781784395070

Length 338 pages

Edition 1st Edition

Languages

Java

Tools

Kali Linux

Concepts

Penetration Testing

Author (1):

Michael McPhee

View More author details

Table of Contents (13) Chapters

Preface

1. Common Web Applications and Architectures FREE CHAPTER

2. Guidelines for Preparation and Testing

3. Stalking Prey Through Target Recon

4. Scanning for Vulnerabilities with Arachni

5. Proxy Operations with OWASP ZAP and Burp Suite

6. Infiltrating Sessions via Cross-Site Scripting

7. Injection and Overflow Testing

8. Exploiting Trust Through Cryptography Testing

9. Stress Testing Authentication and Session Management

10. Launching Client-Side Attacks

11. Breaking the Application Logic

12. Educating the Customer and Finishing Up

Injecting some fun into your testing

Injection attacks are numerous, but because they all insert code that they know will be transported into the application or database tiers for execution, they have an impact that earns injections a #1 ranking from the OWASP Top 10. We'll cover the big ones here, but know that the scanning and testing approaches are very similar, in that we'll leverage automation to both probe each portal for signs of weakness and to pass best-practice based strings against any potential flaws to test against them. Before we get into the varieties of injection, it helps to step back and look at how OWASP characterizes them. The following screenshot comes from their latest release candidate of the OWASP 2017 Top 10 List (https://github.com/OWASP/Top10/blob/master/2017/OWASP%20Top%2010%20-%202017%20RC1-English.pdf):

OWASP's Injection Attack Characterization...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (1)

McPhee

Michael McPhee is a systems engineer at Cisco in New York, where he has worked for the last 4 years and has focused on cyber security, switching, and routing. Mikes current role sees him consulting on security and network infrastructures, and he frequently runs clinics and delivers training to help get his customers up to speed. Suffering from a learning addiction, Mike has obtained the following certifications along the way: CEH, CCIE R&S, CCIE Security, CCIP, CCDP, ITILv3, and the Cisco Security White Belt. He is currently working on his VCP6-DV certification, following his kids to soccer games and tournaments, traveling with his wife and kids to as many places as possible, and scouting out his future all-grain beer home brewing rig. He also spends considerable time breaking his home network (for science!), much to the family's dismay. Prior to joining Cisco, Mike spent 6 years in the U.S. Navy and another 10 working on communications systems as a systems engineer and architect for defense contractors, where he helped propose, design, and develop secure command and control networks and electronic warfare systems for the US DoD and NATO allies. Prior publication: Penetration Testing with the Raspberry Pi Second Edition (with Jason Beltrame), Packt Publishing, November 2016.

See other products by McPhee