Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletter Hub
Free Learning
Arrow right icon
timer SALE ENDS IN
0 Days
:
00 Hours
:
00 Minutes
:
00 Seconds
Mastering Kali Linux for Web Penetration Testing
Mastering Kali Linux for Web Penetration Testing

Mastering Kali Linux for Web Penetration Testing: The ultimate defense against complex organized threats and attacks

eBook
€8.99 €32.99
Paperback
€41.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Table of content icon View table of contents Preview book icon Preview Book

Mastering Kali Linux for Web Penetration Testing

Guidelines for Preparation and Testing

Understanding how target applications are built, as discussed in Chapter 1, Common Web Applications and Architectures, will certainly help us go further than a cursory pen test. All of this understanding can be a double-edged sword. More complex applications can overwhelm the most technically skilled testers. When we're testing, we need to ensure we are covering the entire scope of the requirements. It may be tempting to do this on-the- fly, but if you are anything like me, we're going to need to have a plan. Having a rigorous process and well-understood rules will help us provide consistent, valuable information to our customers. This extra formal treatment will also ensure we get full coverage of the scope that we've agreed upon with our customers.

These plans can exist as either a part of the customer's process or as...

Picking your favorite testing framework

In the race to establish leadership in the fields of penetration testing and web app pen testing in particular, several organizations, companies, and councils have sprung up. Some of these organizations offer a product-neutral methodology, while others have perspectives that unabashedly drive their recommended pen testing approach or framework. This testing framework's contents and format will vary greatly, so we'll need to sort through the options and see which one makes sense.

Government supported centers and institutes such as the United States Computer Emergency Readiness Teams (US CERT), Computer Security Resource Center (CSRC) at the National Institute of Standards and Technology (NIST), and the newly established European Union Agency for Network and Information Security (https://www.enisa.europa.eu ) tend to be focused on...

Keeping it legal and ethical

Wouldn't it be great if our testing processes kept us out of jail and reduced the risk for us and our customers? There is an exponentially growing body of laws at the national, provincial, state, and local levels in most countries. The many news stories we are all bombarded with make it clear that government bodies at all levels throughout the world are still trying to determine how to find the right balance of privacy, confidentiality, and accountability for cyber-security related events. It turns out that, in the vast majority of government bodies, those making the laws might be ill-suited to understand the complexities and form effective regulations. One Complication for us is the fact that we are very rarely operating in a single jurisdiction: interstate and international entanglements are perilous and dynamic. How can we save ourselves from...

Labbing - practicing what we learn

So you are probably asking, When can we have some pen testing fun? Let's just say soon. We have to establish a safe yet representative environment that can provide ripe targets for the various tests we'd like to run. We also want to push the limits without impacting the performance of some real production applications or their underlying systems or supporting networks. As variety is the spice of life, it also holds true in penetration testing. Your efficacy in testing will be greatly improved with some exposure and knowledge of a variety of platforms. There are some great resources such as Packt's own Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition by Kevin Cardwell (https://www.packtpub.com/networking-and-servers/building-virtual-pentesting-labs-advanced-penetration-testing-second-edition), if...

Summary

Web application penetration testing can be a big undertaking. Failing to plan is planning to fail; it is essential that we have a well-defined process or testing framework in place that is both well understood by our technical team, as well as sanctioned by the customer's management for use in their environment. Pen testing inevitably forces us to understand some non-technical aspects of the job too. When we are targeting applications we do not own, across infrastructures that are provided by third parties, we will most certainly have to abide by the various rules and ethical norms of those many stakeholders. There are a lot of different angles to achieving this understanding, so at the very least this should be a deliberate and a well-thought out process.

In this chapter, we took a look at some of the more prevalent testing methodologies and frameworks that we can...

Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • -Make the most out of advanced web pen-testing techniques using Kali Linux 2016.2
  • -Explore how Stored (a.k.a. Persistent) XSS attacks work and how to take advantage of them
  • -Learn to secure your application by performing advanced web based attacks.
  • -Bypass internet security to traverse from the web to a private network.

Description

You will start by delving into some common web application architectures in use, both in private and public cloud instances. You will also learn about the most common frameworks for testing, such as OWASP OGT version 4, and how to use them to guide your efforts. In the next section, you will be introduced to web pentesting with core tools and you will also see how to make web applications more secure through rigorous penetration tests using advanced features in open source tools. The book will then show you how to better hone your web pentesting skills in safe environments that can ensure low-risk experimentation with the powerful tools and features in Kali Linux that go beyond a typical script-kiddie approach. After establishing how to test these powerful tools safely, you will understand how to better identify vulnerabilities, position and deploy exploits, compromise authentication and authorization, and test the resilience and exposure applications possess. By the end of this book, you will be well-versed with the web service architecture to identify and evade various protection mechanisms that are used on the Web today. You will leave this book with a greater mastery of essential test techniques needed to verify the secure design, development, and operation of your customers' web applications.

Who is this book for?

This book targets IT pen testers, security consultants, and ethical hackers who want to expand their knowledge and gain expertise on advanced web penetration techniques. Prior knowledge of penetration testing would be beneficial.

What you will learn

  • • Establish a fully-featured sandbox for test rehearsal and risk-free investigation of applications
  • • Enlist open-source information to get a head-start on enumerating account credentials, mapping potential dependencies, and discovering unintended backdoors and exposed information
  • • Map, scan, and spider web applications using nmap/zenmap, nikto, arachni, webscarab, w3af, and NetCat for more accurate characterization
  • • Proxy web transactions through tools such as Burp Suite, OWASP s ZAP tool, and Vega to uncover application weaknesses and manipulate responses
  • • Deploy SQL injection, cross-site scripting, Java vulnerabilities, and overflow attacks using Burp Suite, websploit, and SQLMap to test application robustness
  • • Evaluate and test identity, authentication, and authorization schemes and sniff out weak cryptography before the black hats do

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Jun 28, 2017
Length: 338 pages
Edition : 1st
Language : English
ISBN-13 : 9781784396213
Vendor :
Offensive Security
Category :
Tools :

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Product Details

Publication date : Jun 28, 2017
Length: 338 pages
Edition : 1st
Language : English
ISBN-13 : 9781784396213
Vendor :
Offensive Security
Category :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 125.97
Mastering Kali Linux for Web Penetration Testing
€41.99
Mastering Kali Linux for Advanced Penetration Testing, Second Edition
€41.99
Kali Linux Network Scanning Cookbook
€41.99
Total 125.97 Stars icon
Banner background image

Table of Contents

12 Chapters
Common Web Applications and Architectures Chevron down icon Chevron up icon
Guidelines for Preparation and Testing Chevron down icon Chevron up icon
Stalking Prey Through Target Recon Chevron down icon Chevron up icon
Scanning for Vulnerabilities with Arachni Chevron down icon Chevron up icon
Proxy Operations with OWASP ZAP and Burp Suite Chevron down icon Chevron up icon
Infiltrating Sessions via Cross-Site Scripting Chevron down icon Chevron up icon
Injection and Overflow Testing Chevron down icon Chevron up icon
Exploiting Trust Through Cryptography Testing Chevron down icon Chevron up icon
Stress Testing Authentication and Session Management Chevron down icon Chevron up icon
Launching Client-Side Attacks Chevron down icon Chevron up icon
Breaking the Application Logic Chevron down icon Chevron up icon
Educating the Customer and Finishing Up Chevron down icon Chevron up icon

Customer reviews

Rating distribution
Full star icon Full star icon Full star icon Full star icon Full star icon 5
(1 Ratings)
5 star 100%
4 star 0%
3 star 0%
2 star 0%
1 star 0%
Joji Jan 09, 2019
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Thanks good book
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.