Preface
Nowadays, information security is a hot topic all over the news and the Internet; we hear almost every day about web page defacements, data leaks of millions of user accounts and passwords or credit card numbers from websites, and identity theft on social networks; terms such as cyber attack, cybercrime, hacker, and even cyberwar are becoming a part of the daily lexicon in the media.
All this exposition to information security subjects and the real need to protect sensitive data and their reputation have made organizations more aware of the need to know where their systems are vulnerable; especially, for the ones that are accessible to the world through the Internet, how could they be attacked, and what will be the consequences, in terms of information lost or system compromise if an attack was successful. And more importantly, how to fix those vulnerabilities and minimize the risk.
This task of detecting vulnerabilities and discovering their impact on organizations is the one that is addressed through penetration testing. A penetration test is an attack or attacks made by a trained security professional who is using the same techniques and tools that real hackers use in order to discover all the possible weak spots in the organization's systems. These weak spots are exploited and their impact is measured. When the test is finished, the penetration tester informs all their findings and tells how they can be fixed to prevent future damage.
In this book, we follow the whole path of a web application penetration test and, in the form of easy-to-follow, step-by-step recipes, show how the vulnerabilities in web applications and web servers can be discovered, exploited, and fixed.