Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Web Penetration Testing with Kali Linux

You're reading from   Web Penetration Testing with Kali Linux Explore the methods and tools of ethical hacking with Kali Linux

Arrow left icon
Product type Paperback
Published in Feb 2018
Publisher
ISBN-13 9781788623377
Length 426 pages
Edition 3rd Edition
Arrow right icon
Authors (3):
Arrow left icon
Juned Ahmed Ansari Juned Ahmed Ansari
Author Profile Icon Juned Ahmed Ansari
Juned Ahmed Ansari
Daniel W. Dieterle Daniel W. Dieterle
Author Profile Icon Daniel W. Dieterle
Daniel W. Dieterle
Gilberto Najera-Gutierrez Gilberto Najera-Gutierrez
Author Profile Icon Gilberto Najera-Gutierrez
Gilberto Najera-Gutierrez
Arrow right icon
View More author details
Toc

Table of Contents (13) Chapters Close

Preface 1. Introduction to Penetration Testing and Web Applications FREE CHAPTER 2. Setting Up Your Lab with Kali Linux 3. Reconnaissance and Profiling the Web Server 4. Authentication and Session Management Flaws 5. Detecting and Exploiting Injection-Based Flaws 6. Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities 7. Cross-Site Request Forgery, Identification, and Exploitation 8. Attacking Flaws in Cryptographic Implementations 9. AJAX, HTML5, and Client-Side Attacks 10. Other Common Security Flaws in Web Applications 11. Using Automated Scanners on Web Applications 12. Other Books You May Enjoy

Preface

Web applications, and more recently, web services are now a part of our daily life—from government procedures to social media to banking applications; they are even on mobile applications that send and receive information through the use of web services. Companies and people in general use web applications excessively daily. This fact alone makes web applications an attractive target for information thieves and other criminals. Hence, protecting these applications and their infrastructure from attacks is of prime importance for developers and owners.

In recent months, there has been news, the world over, of massive data breaches, abuse of the functionalities of applications for generating misinformation, or collection of user's information, which is then sold to advertising companies. People are starting to be more concerned of how their information is used and protected by the companies the trust with it. So, companies need to take proactive actions to prevent such leaks or attacks from happening. This is done in many fronts, from stricter quality controls during the development process to PR and managing the media presence when an incident is detected.

Because development cycles are shorter and much more dynamic with current methodologies, increasing the complexity in the multitude of technologies is required to create a modern web application. Also, some inherited bad practices developers are not able to fully test their web application from a security perspective, given that their priority is to deliver a working product on time. This complexity in web applications and in the development process itself creates the need for a professional specialized in security testing, who gets involved in the process and takes responsibility of putting the application to test from a security perspective, more specifically, from an attacker's point of view. This professional is a penetration tester.

In this book, we go from the basic concepts of web applications and penetration testing, to cover every phase in the methodology; from gaining information to identifying possible weak spots to exploiting vulnerabilities. A key task of a penetration tester is this: once they find and verify a vulnerability, they need to advise the developers on how to fix such flaws and prevent them from recurring. Therefore, all the chapters in this book that are dedicated to identification and exploitation of vulnerabilities also include a section briefly covering how to prevent and mitigate each of such attacks.

lock icon The rest of the chapter is locked
Next Section arrow right
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at ₹800/month. Cancel anytime