Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Mastering Kali Linux for Web Penetration Testing The ultimate defense against complex organized threats and attacks

Product type Paperback

Published in Jun 2017

Publisher Packt

ISBN-13 9781784395070

Length 338 pages

Edition 1st Edition

Languages

Java

Tools

Kali Linux

Concepts

Penetration Testing

Author (1):

Michael McPhee

View More author details

Table of Contents (13) Chapters

Preface

1. Common Web Applications and Architectures FREE CHAPTER

2. Guidelines for Preparation and Testing

3. Stalking Prey Through Target Recon

4. Scanning for Vulnerabilities with Arachni

5. Proxy Operations with OWASP ZAP and Burp Suite

6. Infiltrating Sessions via Cross-Site Scripting

7. Injection and Overflow Testing

8. Exploiting Trust Through Cryptography Testing

9. Stress Testing Authentication and Session Management

10. Launching Client-Side Attacks

11. Breaking the Application Logic

12. Educating the Customer and Finishing Up

Summary

XSS attacks have been a thorn in the side of security professionals and millions of victims since the explosion in dynamic content brought JavaScript into the forefront of web development. Coupled with an antiquated means of establishing trust (entity-based with no validation of input), this has made XSS an OWASP Top 10 vulnerability for over 10 years. It is clear that something should be done to bring more attention to it, and it is the increased use of pen testing that can make the difference.

The tools for XSS are many, and while we covered some of the more accessible tools Kali included here, it became obvious to me in preparing to write this chapter that the toolsets experienced some ebb and flow; some tools have fallen out of favor over time while others seem to keep on fighting. Some of this might be attributed to corporate sponsorship – Rapid7 is a key player...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €18.99/month. Cancel anytime

Authors (1)

McPhee

Michael McPhee is a systems engineer at Cisco in New York, where he has worked for the last 4 years and has focused on cyber security, switching, and routing. Mikes current role sees him consulting on security and network infrastructures, and he frequently runs clinics and delivers training to help get his customers up to speed. Suffering from a learning addiction, Mike has obtained the following certifications along the way: CEH, CCIE R&S, CCIE Security, CCIP, CCDP, ITILv3, and the Cisco Security White Belt. He is currently working on his VCP6-DV certification, following his kids to soccer games and tournaments, traveling with his wife and kids to as many places as possible, and scouting out his future all-grain beer home brewing rig. He also spends considerable time breaking his home network (for science!), much to the family's dismay. Prior to joining Cisco, Mike spent 6 years in the U.S. Navy and another 10 working on communications systems as a systems engineer and architect for defense contractors, where he helped propose, design, and develop secure command and control networks and electronic warfare systems for the US DoD and NATO allies. Prior publication: Penetration Testing with the Raspberry Pi Second Edition (with Jason Beltrame), Packt Publishing, November 2016.

See other products by McPhee