Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Kali Linux Web Penetration Testing Cookbook

You're reading from   Kali Linux Web Penetration Testing Cookbook Over 80 recipes on how to identify, exploit, and test web application security with Kali Linux 2

Arrow left icon
Product type Paperback
Published in Feb 2016
Publisher
ISBN-13 9781784392918
Length 296 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Gilberto Najera-Gutierrez Gilberto Najera-Gutierrez
Author Profile Icon Gilberto Najera-Gutierrez
Gilberto Najera-Gutierrez
Arrow right icon
View More author details
Toc

Table of Contents (12) Chapters Close

Preface 1. Setting Up Kali Linux FREE CHAPTER 2. Reconnaissance 3. Crawlers and Spiders 4. Finding Vulnerabilities 5. Automated Scanners 6. Exploitation – Low Hanging Fruits 7. Advanced Exploitation 8. Man in the Middle Attacks 9. Client-Side Attacks and Social Engineering 10. Mitigation of OWASP Top 10 Index

What this book covers

Chapter 1, Setting Up Kali Linux, takes the reader through the process of configuring and updating the system; also, the installation of virtualization software is covered, including the configuration of the virtual machines that will comprise our penetration testing lab.

Chapter 2, Reconnaissance, enables the reader to put to practice some of the information gathering techniques in order to gain intelligence about the system to be tested, the software installed on it, and how the target web application is built.

Chapter 3, Crawlers and Spiders, shows the reader how to use these tools, which are a must in every analysis of a web application, be it a functional one or more security focused, such as a penetration test.

Chapter 4, Finding Vulnerabilities, explains that the core of a vulnerability analysis or a penetration test is to discover weak spots in the tested applications; recipes are focused on how to manually identify some of the most common vulnerabilities by introducing specific input values on applications' forms and analyzing their outputs.

Chapter 5, Automated Scanners, covers a very important aspect of the discovery of vulnerabilities, the use of tools specially designed to automatically find security flaws in web applications: automated vulnerability scanners.

Chapter 6, Exploitation – Low Hanging Fruits, is the first chapter where we go further than just identifying the existence of some vulnerability. Every recipe in this chapter is focused on exploiting a specific type of vulnerability and using that exploitation to extract sensitive information or gain a more privileged level of access to the application.

Chapter 7, Advanced Exploitation, follows the path of the previous chapter; here, the reader will have the opportunity to practice a more advanced and a more in-depth set of exploitation techniques for the most difficult situations and the most sophisticated setups.

Chapter 8, Man in the Middle Attacks. Although not specific to web applications, MITM attacks play a very important role in the modern information security scenario. In this chapter, we will see how these are performed and what an attacker can do to their victims through such techniques.

Chapter 9, Client-Side Attacks and Social Engineering, explains how it's constantly said that the user is the weakest link in the security chain, but traditionally, penetration testing assessments exclude client-side attacks and social engineering campaigns. It is the goal of this book to give the reader a global view on penetration testing and to encourage the execution of assessments that cover all the aspects of security; this is why in this chapter we show how users can be targeted by hackers through technological and social means.

Chapter 10, Mitigation of OWASP Top 10, shows that organizations hire penetration testers to attack their servers and applications with the goal of knowing what's wrong, in order to know what they should fix and how. This chapter covers that face of penetration testing by giving simple and direct guidelines on what to do to fix and prevent the most critical web application vulnerabilities according to OWASP (Open Web Application Security Project).

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime