Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Improving your Penetration Testing Skills Strengthen your defense against web attacks with Kali Linux and Metasploit

Product type Course

Published in Jul 2019

Publisher Packt

ISBN-13 9781838646073

Length 712 pages

Edition 1st Edition

Languages

Ruby

Tools

Kali Linux

Concepts

Penetration Testing

Authors (4):

Daniel Teixeira

Juned Ahmed Ansari

Abhinav Singh

Gilberto Najera-Gutierrez

View More author details

Table of Contents (24) Chapters

Title Page

Improving your Penetration Testing Skills

About Packt

Contributors

Preface

1. Introduction to Penetration Testing and Web Applications FREE CHAPTER

2. Setting Up Your Lab with Kali Linux

3. Reconnaissance and Profiling the Web Server

4. Authentication and Session Management Flaws

5. Detecting and Exploiting Injection-Based Flaws

6. Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities

7. Cross-Site Request Forgery, Identification, and Exploitation

8. Attacking Flaws in Cryptographic Implementations

9. Using Automated Scanners on Web Applications

10. Metasploit Quick Tips for Security Professionals

11. Information Gathering and Scanning

12. Server-Side Exploitation

13. Meterpreter

14. Post-Exploitation

15. Using MSFvenom

16. Client-Side Exploitation and Antivirus Bypass

17. Social-Engineer Toolkit

18. Working with Modules for Penetration Testing

1. Other Books You May Enjoy

Leave a review - let other readers know what you think

Secure communication over SSL/TLS

Secure Sockets Layer (SSL) is an encryption protocol designed to secure communications over the network. Netscape developed the SSL protocol in 1994. In 1999, the Internet Engineering Task Force (IETF) released the Transport Layer Security (TLS) protocol, superseding SSL protocol version 3. SSL is now considered insecure because of multiple vulnerabilities identified over the years. The POODLE and BEAST vulnerabilities, which we will discuss further in later sections, expose flaws in the SSL protocol itself and hence cannot be fixed with a software patch. SSL was declared deprecated by the IETF, and upgrading to TLS was suggested as the protocol to use for secure communications. The most recent version of TLS is version 1.2. We always recommend that you use the latest version of TLS and avoid allowing connections from clients using older versions...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €18.99/month. Cancel anytime

Authors (4)

Gilberto Najera-Gutierrez

Gilberto Najera-Gutierrez is an experienced penetration tester currently working for one of the top security testing service providers in Australia. He obtained leading security and penetration testing certifications, namely Offensive Security Certified Professional (OSCP), EC-Council Certified Security Administrator (ECSA), and GIAC Exploit Researcher and Advanced Penetration Tester (GXPN).

See other products by Gilberto Najera-Gutierrez

Abhinav Singh

Abhinav Singh is a well-known information security researcher. He is the author of Metasploit Penetration Testing Cookbook (first and second editions) and Instant Wireshark Starter, by Packt. He is an active contributor to the security community—paper publications, articles, and blogs. His work has been quoted in several security and privacy magazines, and digital portals. He is a frequent speaker at eminent international conferences—Black Hat and RSA. His areas of expertise include malware research, reverse engineering, and cloud security.

See other products by Abhinav Singh

Daniel Teixeira

Daniel Teixeira is an IT security expert, author, and trainer, specializing in red team engagements, penetration testing, and vulnerability assessments. His main areas of focus are adversary simulation, emulation of modern adversarial tactics, techniques and procedures; vulnerability research, and exploit development.

See other products by Daniel Teixeira

Juned Ahmed Ansari

Juned Ahmed Ansari is a cyber security researcher based out of Mumbai. He currently leads the penetration testing and offensive security team in a prodigious MNC. Juned has worked as a consultant for large private sector enterprises, guiding them on their cyber security program. He has also worked with start-ups, helping them make their final product secure. Juned has conducted several training sessions on advanced penetration testing, which were focused on teaching students stealth and evasion techniques in highly secure environments. His primary focus areas are penetration testing, threat intelligence, and application security research.

See other products by Juned Ahmed Ansari