Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Kali Linux Web Penetration Testing Cookbook Identify, exploit, and prevent web application vulnerabilities with Kali Linux 2018.x

Product type Paperback

Published in Aug 2018

Publisher Packt

ISBN-13 9781788991513

Length 404 pages

Edition 2nd Edition

Languages

Tools

Kali Linux

Concepts

Penetration Testing

Author (1):

Gilberto Najera-Gutierrez

View More author details

Table of Contents (12) Chapters

Preface

1. Setting Up Kali Linux and the Testing Lab FREE CHAPTER

2. Reconnaissance

3. Using Proxies, Crawlers, and Spiders

4. Testing Authentication and Session Management

5. Cross-Site Scripting and Client-Side Attacks

6. Exploiting Injection Vulnerabilities

7. Exploiting Platform Vulnerabilities

8. Using Automated Scanners

9. Bypassing Basic Security Controls

10. Mitigation of OWASP Top 10 Vulnerabilities

11. Other Books You May Enjoy

Leave a review - let other readers know what you think

Identifying HTTPS encryption parameters

We are, at a certain level, used to assuming that when a connection uses HTTPS with SSL or TLS encryption, it is secured and any attacker that intercepts it will only receive a series of meaningless numbers. Well, this may not be absolutely true; the HTTPS servers need to be correctly configured to provide a strong layer of encryption and to protect users from man-in-the-middle (MITM) attacks or cryptanalysis. A number of vulnerabilities in the implementation and design of the SSL protocol have been discovered and its successor, TLS, has also been found to be vulnerable under certain configurations, thus making the testing of secure connections mandatory in any web application penetration test.

In this recipe, we will use tools such as Nmap, SSLScan, and TestSSL to analyze the configuration (from the client's perspective) of the server...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €18.99/month. Cancel anytime

Authors (1)

Gilberto Najera-Gutierrez

Gilberto Najera-Gutierrez is an experienced penetration tester currently working for one of the top security testing service providers in Australia. He obtained leading security and penetration testing certifications, namely Offensive Security Certified Professional (OSCP), EC-Council Certified Security Administrator (ECSA), and GIAC Exploit Researcher and Advanced Penetration Tester (GXPN).

See other products by Gilberto Najera-Gutierrez