Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Mastering Kali Linux for Web Penetration Testing The ultimate defense against complex organized threats and attacks

Product type Paperback

Published in Jun 2017

Publisher Packt

ISBN-13 9781784395070

Length 338 pages

Edition 1st Edition

Languages

Java

Tools

Kali Linux

Concepts

Penetration Testing

Author (1):

Michael McPhee

View More author details

Table of Contents (13) Chapters

Preface

1. Common Web Applications and Architectures FREE CHAPTER

2. Guidelines for Preparation and Testing

3. Stalking Prey Through Target Recon

4. Scanning for Vulnerabilities with Arachni

5. Proxy Operations with OWASP ZAP and Burp Suite

6. Infiltrating Sessions via Cross-Site Scripting

7. Injection and Overflow Testing

8. Exploiting Trust Through Cryptography Testing

9. Stress Testing Authentication and Session Management

10. Launching Client-Side Attacks

11. Breaking the Application Logic

12. Educating the Customer and Finishing Up

Summary

As I mentioned in the beginning of this chapter, the recon phase can make or break the subsequent phases. The information gathering will feed your cracking and fuzzing operations, narrowing search fields to something significantly more manageable. The work saved in focusing the testing translates into tighter test criteria, more successful testing approaches, less churn and trial and error, and much more salient reports. Customers often learn as much about what we find in this phase as they will in the remaining phases, and this brings up a crucial point. The quality and quantity of information available online about their systems and the people using them can have dramatic consequences in the future. Proactive actions to limit or reduce this exposure improves their security posture and should be both encouraged and coached.

In this chapter, we explored some deeper uses...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (1)

McPhee

Michael McPhee is a systems engineer at Cisco in New York, where he has worked for the last 4 years and has focused on cyber security, switching, and routing. Mikes current role sees him consulting on security and network infrastructures, and he frequently runs clinics and delivers training to help get his customers up to speed. Suffering from a learning addiction, Mike has obtained the following certifications along the way: CEH, CCIE R&S, CCIE Security, CCIP, CCDP, ITILv3, and the Cisco Security White Belt. He is currently working on his VCP6-DV certification, following his kids to soccer games and tournaments, traveling with his wife and kids to as many places as possible, and scouting out his future all-grain beer home brewing rig. He also spends considerable time breaking his home network (for science!), much to the family's dismay. Prior to joining Cisco, Mike spent 6 years in the U.S. Navy and another 10 working on communications systems as a systems engineer and architect for defense contractors, where he helped propose, design, and develop secure command and control networks and electronic warfare systems for the US DoD and NATO allies. Prior publication: Penetration Testing with the Raspberry Pi Second Edition (with Jason Beltrame), Packt Publishing, November 2016.

See other products by McPhee