Chapter 1, Setting up Kali Linux and the Testing Lab, takes the reader through the process of configuring and updating the system. The installation of virtualization software is also covered, including the configuration of the virtual machines that will compose our penetration testing lab.
Chapter 2, Reconnaissance, allows the reader to put into practice some information-gathering techniques in order to gain intelligence about the system to be tested, the software installed on it, and how the target web application is built.
Chapter 3, Using Proxies, Crawlers, and Spiders, guides the reader on how to use these tools, which are a must in every analysis of a web application, be it a functional one or a more security-focused one, such as a penetration test.
Chapter 4, Testing Authentication and Session Management, focuses on identifying and exploiting vulnerabilities commonly found in the mechanisms used by web applications to verify the identity of users and the authenticity of their actions.
Chapter 5, Cross-Site Scripting and Client-Side Attacks, introduces the reader to one of the most common and severe security flaws in web applications, Cross-Site Scripting, and other attacks that have other users as targets instead of the application itself.
Chapter 6, Exploiting Injection Vulnerabilities, covers several ways in which applications' functionalities may be abused to execute arbitrary code of different languages and systems, such as SQL and XML, among others, on the server side.
Chapter 7, Exploiting Platform Vulnerabilities, goes one step further in the analysis and exploitation of vulnerabilities by looking into the platform that supports the application. Vulnerabilities in the web server, operating systems, and development frameworks are covered in this chapter.
Chapter 8, Using Automated Scanners, covers a very important aspect of the discovery of vulnerabilities, the use of tools specially designed to automatically find security flaws in web applications: automated vulnerability scanners.
Chapter 9, Bypassing Basic Security Controls, moves on to the advanced topic of evasion and bypassing measures that are not properly implemented by developers when attempting to mitigate or fix vulnerabilities, leaving the application still open to attacks, although more complex ones.
Chapter 10, Mitigation of OWASP Top 10 Vulnerabilities, covers the topic of organizations hiring penetration testers to attack their servers and applications with the goal of knowing what's wrong in order to know what they should fix and how. The chapter covers that area of penetration testing by giving simple and direct guidelines on what to do to fix and prevent the most critical web application vulnerabilities according to Open Web Application Security Project (OWASP).
