Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Mastering Kali Linux for Web Penetration Testing The ultimate defense against complex organized threats and attacks

Product type Paperback

Published in Jun 2017

Publisher Packt

ISBN-13 9781784395070

Length 338 pages

Edition 1st Edition

Languages

Java

Tools

Kali Linux

Concepts

Penetration Testing

Author (1):

Michael McPhee

View More author details

Table of Contents (13) Chapters

Preface

1. Common Web Applications and Architectures FREE CHAPTER

2. Guidelines for Preparation and Testing

3. Stalking Prey Through Target Recon

4. Scanning for Vulnerabilities with Arachni

5. Proxy Operations with OWASP ZAP and Burp Suite

6. Infiltrating Sessions via Cross-Site Scripting

7. Injection and Overflow Testing

8. Exploiting Trust Through Cryptography Testing

9. Stress Testing Authentication and Session Management

10. Launching Client-Side Attacks

11. Breaking the Application Logic

12. Educating the Customer and Finishing Up

Exploiting the flaws

Once you've scanned for SSL/TLS cipher issues or certificate woes, there is a lot that can be done to look for specific weaknesses that attackers will be using, and these same attacks can be delivered via some of the tools we have already visited in previous chapters. Let's look at a few of the more famous vulnerabilities.

POODLE – all bark, no bite (usually)

Padding Oracle On Downgraded Legacy Encryption (POODLE) (CVE-2014-3566) is a vulnerability that allows a man-in-the-middle exploit by taking advantage of a downward negotiation of the cipher to the affected SSLv3.0 Cipher Block Chaining (CBC) cipher suites. Using a MITM attack, POODLE requires 256 SSL requests to reveal each byte...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €18.99/month. Cancel anytime

Authors (1)

McPhee

Michael McPhee is a systems engineer at Cisco in New York, where he has worked for the last 4 years and has focused on cyber security, switching, and routing. Mikes current role sees him consulting on security and network infrastructures, and he frequently runs clinics and delivers training to help get his customers up to speed. Suffering from a learning addiction, Mike has obtained the following certifications along the way: CEH, CCIE R&S, CCIE Security, CCIP, CCDP, ITILv3, and the Cisco Security White Belt. He is currently working on his VCP6-DV certification, following his kids to soccer games and tournaments, traveling with his wife and kids to as many places as possible, and scouting out his future all-grain beer home brewing rig. He also spends considerable time breaking his home network (for science!), much to the family's dismay. Prior to joining Cisco, Mike spent 6 years in the U.S. Navy and another 10 working on communications systems as a systems engineer and architect for defense contractors, where he helped propose, design, and develop secure command and control networks and electronic warfare systems for the US DoD and NATO allies. Prior publication: Penetration Testing with the Raspberry Pi Second Edition (with Jason Beltrame), Packt Publishing, November 2016.

See other products by McPhee