You're reading from Mastering Modern Web Penetration Testing Master the art of conducting modern pen testing attacks and techniques on your web application before the hacker does!

Product type Paperback

Published in Oct 2016

Publisher Packt

ISBN-13 9781785284588

Length 298 pages

Edition 1st Edition

Tools

Kali Linux

Concepts

Web Penetration Testing

Authors (2):

Prakhar Prasad

Rafay Baloch

View More author details

Table of Contents (13) Chapters

Preface

1. Common Security Protocols FREE CHAPTER

2. Information Gathering

3. Cross-Site Scripting

4. Cross-Site Request Forgery

5. Exploiting SQL Injection

6. File Upload Vulnerabilities

7. Metasploit and Web

8. XML Attacks

9. Emerging Attack Vectors

10. OAuth 2.0 Security

11. API Testing Methodology

Index

Preface

The World Wide Web, or what we generally refer to as the Web, has become a vital part of our everyday lives. The usage of the Web, ranging from a simple webmail to a complex and sensitive banking web application, has made our lives easier. The Web was initially designed as a means of sharing information among users of the Internet using a combination of web pages and a browser. The era has passed now, and it's no longer a place limited to sharing information. Instead, our day-to-day work is getting automated and put into web applications; this has definitely revolutionized communication and empowered us. The mere idea of your or my banking application being offline is a nightmare; the same is the case with cloud services, such as like Dropbox, Gmail, or even iCloud. Well, if this wasn't enough, imagine these services were hacked and all the sensitive data stored in them fell into the hands of hackers—this is even scarier, right? They can sell the data, distribute it in the public domain, or even blackmail individual users. All of this has happened in the past—recall the celebrity photo leaks in 2014, when Apple's iCloud service API was breached by hackers and sensitive photos were leaked on the Internet. Similarly, Ashley Madison, a controversial dating website, was breached in 2015, and its users received blackmail letters.

The Web, although charismatic, is not a safe place for anybody; the previously mentioned cases clearly prove the point. However, we can beef up security to an extent that it becomes really hard to break into. It's a well-known fact that nothing can be a hundred per cent secure, but improving security never hurt anybody.

In a classic penetration test of web applications, different types of attacking techniques are used to find vulnerabilities and use them to break into systems. However, the Web is a growing field, and newer technologies are added every now and then. Any penetration tester conducting a test on a web application needs to be aware of newer techniques in the domain so that the latest classes of issues don't remain unpatched; at the same time, the old techniques must be extrapolated for better outcomes. This book is an attempt to achieve both in order to impart newer techniques, such as XML attack vectors, which include the recently popular XXE attack. Then we have OAuth 2.0, which varies with implementations, and this results in flaws, such as account takeovers. Among older techniques, we have XSS, CSRF, and Metasploit Framework (relevant to web) to name a few. The content I have added here in this book will help augment the already understood concepts in depth.

This book is a means of sharing my knowledge of web applications with the community. I truly believe you will find this book beneficial in one way or another. As an author, I wish you good luck exploring this book.

Happy reading!

The rest of the chapter is locked

You're reading from Mastering Modern Web Penetration Testing Master the art of conducting modern pen testing attacks and techniques on your web application before the hacker does!

Table of Contents (13) Chapters

Preface

Unlock this book and the full library FREE for 7 days

Authors (2)

Personalised recommendations for you