Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Web Penetration Testing with Kali Linux Explore the methods and tools of ethical hacking with Kali Linux

Product type Paperback

Published in Feb 2018

Publisher

ISBN-13 9781788623377

Length 426 pages

Edition 3rd Edition

Tools

Kali Linux

Concepts

Ethical Hacking

Authors (3):

Juned Ahmed Ansari

Daniel W. Dieterle

Gilberto Najera-Gutierrez

View More author details

Table of Contents (13) Chapters

Preface

1. Introduction to Penetration Testing and Web Applications FREE CHAPTER

2. Setting Up Your Lab with Kali Linux

3. Reconnaissance and Profiling the Web Server

4. Authentication and Session Management Flaws

5. Detecting and Exploiting Injection-Based Flaws

6. Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities

7. Cross-Site Request Forgery, Identification, and Exploitation

8. Attacking Flaws in Cryptographic Implementations

9. AJAX, HTML5, and Client-Side Attacks

10. Other Common Security Flaws in Web Applications

11. Using Automated Scanners on Web Applications

12. Other Books You May Enjoy

Leave a review – let other readers know what you think

Information gathering

As stated earlier, the main goal of reconnaissance is to gather information while avoiding detection and alerts on intrusion-detection mechanisms. Passive reconnaissance is used to extract information related to the target from publicly available resources. In a web application penetration test, to begin you will be given a URL. You will then scope the entire website and try to connect the different pieces. Passive reconnaissance is also known as Open Source Intelligence (OSINT) gathering.

In a black box penetration test, where you have no previous information about the target and have to approach it like an uninformed attacker, reconnaissance plays a major role. The URL of a website is the only thing you have, to expand your knowledge about the target.

Domain...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (3)

Dieterle

Daniel W. Dieterle, with over 20 years in IT, has evolved from a system and network support role to a dedicated Computer Security Researcher and Author. His expertise, honed in diverse environments like corporate data centers and Ivy League schools, is reflected in his Kali Linux-based books, widely used globally for security training in universities, government, and private sectors. He has contributed to numerous technical books, articles, and security training classes, and is passionate about mentoring newcomers in the field.

See other products by Dieterle

Gilberto Najera-Gutierrez

Gilberto Najera-Gutierrez is an experienced penetration tester currently working for one of the top security testing service providers in Australia. He obtained leading security and penetration testing certifications, namely Offensive Security Certified Professional (OSCP), EC-Council Certified Security Administrator (ECSA), and GIAC Exploit Researcher and Advanced Penetration Tester (GXPN).

See other products by Gilberto Najera-Gutierrez

Juned Ahmed Ansari

Juned Ahmed Ansari is a cyber security researcher based out of Mumbai. He currently leads the penetration testing and offensive security team in a prodigious MNC. Juned has worked as a consultant for large private sector enterprises, guiding them on their cyber security program. He has also worked with start-ups, helping them make their final product secure. Juned has conducted several training sessions on advanced penetration testing, which were focused on teaching students stealth and evasion techniques in highly secure environments. His primary focus areas are penetration testing, threat intelligence, and application security research.

See other products by Juned Ahmed Ansari