Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering Kali Linux for Web Penetration Testing

You're reading from   Mastering Kali Linux for Web Penetration Testing The ultimate defense against complex organized threats and attacks

Arrow left icon
Product type Paperback
Published in Jun 2017
Publisher Packt
ISBN-13 9781784395070
Length 338 pages
Edition 1st Edition
Languages
Arrow right icon
Author (1):
Arrow left icon
Michael McPhee Michael McPhee
Author Profile Icon Michael McPhee
Michael McPhee
Arrow right icon
View More author details
Toc

Table of Contents (13) Chapters Close

Preface 1. Common Web Applications and Architectures FREE CHAPTER 2. Guidelines for Preparation and Testing 3. Stalking Prey Through Target Recon 4. Scanning for Vulnerabilities with Arachni 5. Proxy Operations with OWASP ZAP and Burp Suite 6. Infiltrating Sessions via Cross-Site Scripting 7. Injection and Overflow Testing 8. Exploiting Trust Through Cryptography Testing 9. Stress Testing Authentication and Session Management 10. Launching Client-Side Attacks 11. Breaking the Application Logic 12. Educating the Customer and Finishing Up

What this book covers

Chapter 1, Common Web Applications and Architectures, reviews some common web application architectures and hosting paradigms to help us identify the potential weaknesses and select the appropriate test plan.

Chapter 2, Guidelines for Preparation and Testing, helps us understand the many sources of requirements for our testing (ethical, legal, and regulatory) and how to select the appropriate testing methodology for a scenario or customer.

Chapter 3, Stalking Prey Through Target Recon, introduces open source intelligence gathering and passive recon methods to help map out a target and its attack surface.

Chapter 4, Scanning for Vulnerabilities with Arachni, discusses one of the purpose-built vulnerability scanners included in Kali that can help us conduct scans of even the largest applications and build fantastic reports.

Chapter 5, Proxy Operations with OWASP ZAP and Burp Suite, dives into proxy-based tools to show how they can not only actively scan, but passively intercept and manipulate messages to exploit many vulnerabilities.

Chapter 6, Infiltrating Sessions via Cross-Site Scripting, explores how we can test and implement Cross Site Scripting (XSS) to both compromise the client and manipulate the information flows for other attacks. Tools such as BeEF, XSSer, Websploit, and Metasploit are discussed in this chapter.

Chapter 7, Injection and Overflow Testing, looks into how we can test for various forms of unvalidated input (for example, SQL, XML, LDAP, and HTTP) that have the potential to reveal inappropriate information, escalate privileges, or otherwise damage an application's servers or modules. We'll see how Commix, BBQSQL, SQLMap, SQLninja, and SQLsus can help.

Chapter 8, Exploiting Trust Through Cryptography Testing, helps us see how we can tackle testing the strength that encryption applications may be using to protect the integrity and privacy of their communications with clients. Our tools of interest will be SSLstrip, SSLScan, SSLsplit, SSLyze, and SSLsniff.

Chapter 9, Stress Testing Authentication and Session Management, tackles the testing of various vulnerabilities and schemes focused on how web apps determine who is who and what they are entitled to see or access. Burp will be the primary tool of interest.

Chapter 10, Launching Client-Side Attacks, focuses on how to test for vulnerabilities (CSRF, DOM-XSS, and so on) that allow attackers to actually compromise a client and either steal its information or alter its behavior, as the earlier chapters dealt with how to test the servers and applications themselves. JavaScript and other forms of implant will be the focus.

Chapter 11, Breaking the Application Logic, explains how to test for a variety of flaws in the business logic of an application. Important as it is, it requires significant understanding of what the app is intending and how it is implemented.

Chapter 12, Educating the Customer and Finishing Up, wraps up the book with a look at providing useful and well-organized guidance and insights to the customer. This chapter also looks at complementary or alternate toolsets worth a look.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at ₹800/month. Cancel anytime