Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Practical Web Penetration Testing

You're reading from Practical Web Penetration Testing Secure web applications using Burp Suite, Nmap, Metasploit, and more

Product type Paperback

Published in Jun 2018

Publisher Packt

ISBN-13 9781788624039

Length 294 pages

Edition 1st Edition

Languages

Python

Tools

Burp Suite

Concepts

Cybersecurity

Author (1):

Gus Khawaja

View More author details

Table of Contents (18) Chapters

Preface

1. Building a Vulnerable Web Application Lab FREE CHAPTER

2. Kali Linux Installation

3. Delving Deep into the Usage of Kali Linux

4. All About Using Burp Suite

5. Understanding Web Application Vulnerabilities

6. Application Security Pre-Engagement

7. Application Threat Modeling

8. Source Code Review

9. Network Penetration Testing

10. Web Intrusion Tests

11. Pentest Automation Using Python

12. Nmap Cheat Sheet

13. Metasploit Cheat Sheet

Metasploit framework

14. Netcat Cheat Sheet

15. Networking Reference Section

16. Python Quick Reference

Quick Python language overview

17. Other Books You May Enjoy

Leave a review - let other readers know what you think

Fuzzing web requests using the Intruder tab

Burp Intruder is a monster of automation, and it allows you to enumerate, fuzz, and harvest data from the target web application. In the old days, when I started using Burp, the first thing that I learned was to use the Intruder tool to brute-force login credentials. We will cover more examples in the upcoming chapters, but for this section, I want you to understand the basics of this tool:

Intruder attack types

One of the most confusing things for beginners are the attack types in the Intruder tool. I will do my best to explain them to you in a practical way, so they won't be an obstacle for you to use this section:

Sniper: This is the most popular one, and you can use it...

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at ₹800/month. Cancel anytime

Authors (1)

Khawaja

Khawaja

Gus Khawaja holds a bachelor's degree in computer science. He specializes in IT security and ethical hacking. He is an author and shares his passion with millions of viewers around the world using his online courses. He also works as a cybersecurity consultant in Montreal, Canada. After many years of experience in programming, he turned his attention to cybersecurity and the importance that security brings to this minefield. His passion for the ethical hacking mixed with his background in programming and IT makes him a wise swiss-knife professional in the computer science domain.

See other products by Khawaja

Other recommended products

Related to this chapter

Burp Suite Cookbook

Burp Suite Cookbook

The purpose of the Burp Suite Cookbook is to provide web application penetration testers with hands-on examples of how to use Burp Suite to perform web assessments. The book gives detailed screenshots demonstrating how to perform various attacks in Burp including Cross-site Scripting (XSS), SQL Injection, Cross-site Request Forgery, XML External Entity (XXE), and many more.

Sep 2018 11h 56m

Network Scanning Cookbook

Network Scanning Cookbook

Network Scanning Cookbook enables a reader to understand how to perform a Network Scan, which includes Discovery, Scanning, Enumeration, Vulnerability detection etc using scanning tools like Nessus and Nmap. If the reader is an auditor, they will be able to determine the security state of the client's network and recommend remediations accordingly.

Sep 2018 10h 8m

Hands-On Application Penetration Testing with Burp Suite

Hands-On Application Penetration Testing with Burp Suite

Using Burp Suite, you can quickly build proof of concepts, extract data via an exploit, attack multiple end points in an application and even begin to script complex multi stage attacks. This book will provide a hands-on coverage on how you can get started with executing an application penetration test and be sure of the results.

Feb 2019 12h 12m

Kali Linux Cookbook

Kali Linux Cookbook

Kali Linux is a Linux distribution designed for penetration testing and security auditing. It is the successor to BackTrack, the world's most popular penetration testing distribution. Kali Linux is the most widely used platform and toolkit for penetration testing. Security is currently the hottest field in technology with a projected need for millions of security professionals. This book focuses on enhancing your knowledge in Kali Linux for security by expanding your skills with toolkits and frameworks that can increase your value as a security professional.

Sep 2017 14h 36m

Learning Python Web Penetration Testing

Learning Python Web Penetration Testing

This book will walk you through the web application penetration testing methodology, showing you how to write your own tools with Python for every main activity in the process. It will show you how to test for security vulnerabilities in web applications just like security professionals and hackers do.

Jun 2018 4h 36m

Metasploit for Beginners

Metasploit for Beginners

Metasploit for Beginners will provide a good starting point to perform penetration testing and identify threats and vulnerabilities to secure your IT environment. This book would help the reader absorb the essential concepts on using Metasploit framework for comprehensive penetration testing. By the end of the book, the reader would feel confident on having gained sufficient hands-on knowledge on effectively utilizing the framework in real world scenarios.

Jul 2017 6h 20m

Metasploit 5.0 for Beginners

Metasploit 5.0 for Beginners

Metasploit 5.x for Beginners will provide a good starting point to perform penetration testing and identify threats and vulnerabilities to secure your IT environment. You will be able to analyze, identify, and exploit threats and vulnerabilities to secure your IT environment.

Apr 2020 8h 12m

ASP.NET Core 5 Secure Coding Cookbook

ASP.NET Core 5 Secure Coding Cookbook

There are various ways to fix an ASP.NET Core web application security flaw. However, very few books share expert advice relating to which approaches work best for ASP.NET Core apps – unlike this book. The ASP.NET Core Secure Coding Cookbook is your guide to tackling the most common ASP.NET Core web application vulnerabilities.

Jul 2021 10h 48m

Learn Penetration Testing

Learn Penetration Testing

A penetration test, also known as a pen test, is a simulated cyberattack against your computer system to check for exploitable vulnerabilities. In the context of web application security, penetration testing is commonly used to augment a web application firewall (WAF). This book teaches you various penetration testing techniques in order to become a proficient Penetration tester.

May 2019 14h 8m

Kali Linux Web Penetration Testing Cookbook

Kali Linux Web Penetration Testing Cookbook

Kali Linux is the most popular open-source penetration toolkit used for effective web penetration testing. This book will teach you, in the form of step-by-step recipes, how to detect a wide array of vulnerabilities, exploit them to analyze their consequences, and ultimately buffer attackable surfaces so applications are more secure.

Aug 2018 13h 28m

Learn Kali Linux 2019

Learn Kali Linux 2019

The current trend of various hacking and security breaches displays how important it has become to pentest your environment, to ensure end point protection. This book will take you through the latest version of Kali Linux to efficiently deal with various crucial security aspects such as confidentiality, integrity, access control and authentication.

Nov 2019 18h 20m

Mastering Kali Linux for Advanced Penetration Testing

Mastering Kali Linux for Advanced Penetration Testing

Mastering Kali Linux for Advanced Penetration Testing, Third Edition will guide you through proven techniques to test your infrastructure security using Kali Linux. From selecting the most effective tools to carrying out advanced pentesting in highly secure environments, this book will help you gain the expertise you need to advance in your career.

Jan 2019 18h 16m

Personalised recommendations for you

Based on your interests and search pattern

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

API Security for White Hat Hackers

API Security for White Hat Hackers

API Security for White Hat Hackers is a comprehensive guide that simplifies API security by showing you how to identify and fix vulnerabilities. From emerging threats to best practices, this book helps you defend and safeguard your APIs.

Jun 2024 13h 56m

Securing Cloud PCs and Azure Virtual Desktop

Securing Cloud PCs and Azure Virtual Desktop

This book covers the fundamentals of Windows 365 and Azure Virtual Desktop, addressing endpoint security challenges. You'll also explore advanced security measures for virtual environments.

Jun 2024 13h 12m

Cybersecurity Strategies and Best Practices

Cybersecurity Strategies and Best Practices

This book offers real-world case studies, holistic approaches, and practical guidance to boost your cybersecurity expertise. You'll learn how to align security strategies with business objectives and stay ahead of the evolving threat landscape.

May 2024 8h 24m

PowerShell for Penetration Testing

PowerShell for Penetration Testing

Designed for security professionals and aspiring pentesters, this book equips you with the skills and knowledge to exploit vulnerabilities, gain access, and navigate post-exploitation scenarios across diverse platforms.

May 2024 9h 56m

Securing Industrial Control Systems and Safety Instrumented Systems

Securing Industrial Control Systems and Safety Instrumented Systems

The book provides a solid understanding of SIS cybersecurity challenges and artifacts required to ensure the safety of mission-critical systems. It also serves as a strong foundation for anyone looking to boost their industrial security skill set.

Aug 2024 8h 32m

Incident Response for Windows

Incident Response for Windows

This exhaustive book helps you detect, respond to, and prevent cyberattacks on Windows-based systems by equipping you with the knowledge and tools needed to safeguard your organization's critical assets based on the actual threat landscape.

CCSP (ISC)2 Certified Cloud Security Professional Exam Guide

CCSP (ISC)2 Certified Cloud Security Professional Exam Guide

Explore all aspects of cloud security to pass the CCSP exam and boost your career with this guide packed with use cases, mock exam questions, and tips. You'll be able to apply your new-found knowledge not only to pass the exam but also at work.

Jun 2024 18h 40m

Cryptography Algorithms

Cryptography Algorithms

Get ahead in cryptography with this second edition, covering symmetric and asymmetric encryption, zero-knowledge protocols, and quantum cryptography. Designed for cybersecurity pros, it covers updated techniques to combat evolving cyber threats.

Aug 2024 13h 40m