Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Kali Linux Web Penetration Testing Cookbook Identify, exploit, and prevent web application vulnerabilities with Kali Linux 2018.x

Product type Paperback

Published in Aug 2018

Publisher Packt

ISBN-13 9781788991513

Length 404 pages

Edition 2nd Edition

Languages

Tools

Kali Linux

Concepts

Penetration Testing

Author (1):

Gilberto Najera-Gutierrez

View More author details

Table of Contents (12) Chapters

Preface

1. Setting Up Kali Linux and the Testing Lab FREE CHAPTER

2. Reconnaissance

3. Using Proxies, Crawlers, and Spiders

4. Testing Authentication and Session Management

5. Cross-Site Scripting and Client-Side Attacks

6. Exploiting Injection Vulnerabilities

7. Exploiting Platform Vulnerabilities

8. Using Automated Scanners

9. Bypassing Basic Security Controls

10. Mitigation of OWASP Top 10 Vulnerabilities

11. Other Books You May Enjoy

Leave a review - let other readers know what you think

A2 – Building proper authentication and session management

Flawed authentication and session management is the second most critical vulnerability in web applications nowadays.

Authentication is the process whereby users prove that they are who they say they are; this is usually done through usernames and passwords. Some common flaws in this area are permissive password policies and security through obscurity (lack of authentication in supposedly hidden resources).

Session management is the handling of session identifiers of logged in users; in web servers, this is done by implementing session cookies and tokens. These identifiers can be implanted, stolen, or hijacked by attackers using social engineering, Cross-Site Scripting, CSRF, and so on. Hence, a developer must pay special attention to how this information is managed.

In this recipe, we will cover some of the best...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €18.99/month. Cancel anytime

Authors (1)

Gilberto Najera-Gutierrez

Gilberto Najera-Gutierrez is an experienced penetration tester currently working for one of the top security testing service providers in Australia. He obtained leading security and penetration testing certifications, namely Offensive Security Certified Professional (OSCP), EC-Council Certified Security Administrator (ECSA), and GIAC Exploit Researcher and Advanced Penetration Tester (GXPN).

See other products by Gilberto Najera-Gutierrez