Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Improving your Penetration Testing Skills Strengthen your defense against web attacks with Kali Linux and Metasploit

Product type Course

Published in Jul 2019

Publisher Packt

ISBN-13 9781838646073

Length 712 pages

Edition 1st Edition

Languages

Ruby

Tools

Kali Linux

Concepts

Penetration Testing

Authors (4):

Daniel Teixeira

Juned Ahmed Ansari

Abhinav Singh

Gilberto Najera-Gutierrez

View More author details

Table of Contents (24) Chapters

Title Page

Improving your Penetration Testing Skills

About Packt

Contributors

Preface

1. Introduction to Penetration Testing and Web Applications FREE CHAPTER

2. Setting Up Your Lab with Kali Linux

3. Reconnaissance and Profiling the Web Server

4. Authentication and Session Management Flaws

5. Detecting and Exploiting Injection-Based Flaws

6. Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities

7. Cross-Site Request Forgery, Identification, and Exploitation

8. Attacking Flaws in Cryptographic Implementations

9. Using Automated Scanners on Web Applications

10. Metasploit Quick Tips for Security Professionals

11. Information Gathering and Scanning

12. Server-Side Exploitation

13. Meterpreter

14. Post-Exploitation

15. Using MSFvenom

16. Client-Side Exploitation and Antivirus Bypass

17. Social-Engineer Toolkit

18. Working with Modules for Penetration Testing

1. Other Books You May Enjoy

Leave a review - let other readers know what you think

NoSQL injection

In recent years, Big Data, or the storage, processing, and analysis of enormous amounts of information in various versions and with various purposes is being increasingly promoted and implemented in companies of different sizes. This kind of information is usually nonstructured or derived from sources that are not necessarily compatible. Thus, it needs to be stored in some special kind of database, the so-called Not only SQL (NoSQL) databases such as MongoDB, CouchDB, Cassandra, and HBase.

The fact that the aforementioned database managers don't use SQL (or don't use SQL exclusively) doesn't mean that they are free from injection risk. Remember that the SQL injection vulnerability is caused by a lack of validation in the application sending the query, not in the DBMS processing it. The injection of code or altered parameters to queries of NoSQL databases...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (4)

Gilberto Najera-Gutierrez

Gilberto Najera-Gutierrez is an experienced penetration tester currently working for one of the top security testing service providers in Australia. He obtained leading security and penetration testing certifications, namely Offensive Security Certified Professional (OSCP), EC-Council Certified Security Administrator (ECSA), and GIAC Exploit Researcher and Advanced Penetration Tester (GXPN).

See other products by Gilberto Najera-Gutierrez

Abhinav Singh

Abhinav Singh is a well-known information security researcher. He is the author of Metasploit Penetration Testing Cookbook (first and second editions) and Instant Wireshark Starter, by Packt. He is an active contributor to the security community—paper publications, articles, and blogs. His work has been quoted in several security and privacy magazines, and digital portals. He is a frequent speaker at eminent international conferences—Black Hat and RSA. His areas of expertise include malware research, reverse engineering, and cloud security.

See other products by Abhinav Singh

Daniel Teixeira

Daniel Teixeira is an IT security expert, author, and trainer, specializing in red team engagements, penetration testing, and vulnerability assessments. His main areas of focus are adversary simulation, emulation of modern adversarial tactics, techniques and procedures; vulnerability research, and exploit development.

See other products by Daniel Teixeira

Juned Ahmed Ansari

Juned Ahmed Ansari is a cyber security researcher based out of Mumbai. He currently leads the penetration testing and offensive security team in a prodigious MNC. Juned has worked as a consultant for large private sector enterprises, guiding them on their cyber security program. He has also worked with start-ups, helping them make their final product secure. Juned has conducted several training sessions on advanced penetration testing, which were focused on teaching students stealth and evasion techniques in highly secure environments. His primary focus areas are penetration testing, threat intelligence, and application security research.

See other products by Juned Ahmed Ansari