Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Web Penetration Testing with Kali Linux Explore the methods and tools of ethical hacking with Kali Linux

Product type Paperback

Published in Feb 2018

Publisher

ISBN-13 9781788623377

Length 426 pages

Edition 3rd Edition

Tools

Kali Linux

Concepts

Ethical Hacking

Authors (3):

Juned Ahmed Ansari

Daniel W. Dieterle

Gilberto Najera-Gutierrez

View More author details

Table of Contents (13) Chapters

Preface

1. Introduction to Penetration Testing and Web Applications FREE CHAPTER

2. Setting Up Your Lab with Kali Linux

3. Reconnaissance and Profiling the Web Server

4. Authentication and Session Management Flaws

5. Detecting and Exploiting Injection-Based Flaws

6. Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities

7. Cross-Site Request Forgery, Identification, and Exploitation

8. Attacking Flaws in Cryptographic Implementations

9. AJAX, HTML5, and Client-Side Attacks

10. Other Common Security Flaws in Web Applications

11. Using Automated Scanners on Web Applications

12. Other Books You May Enjoy

Leave a review – let other readers know what you think

An overview of Cross-Site Scripting

The name, Cross-Site Scripting, may not intuitively relate to its current definition. This is because the term originally referred to a related, but different attack. In the late 1990s and early 2000s, it was possible to read data from web pages loaded in adjacent windows or frames using JavaScript code. Thus, a malicious website could cross the boundary between the two and interact with contents loaded on an entirely different web page not related to its domain. This was later fixed by browser developers, but the attack name was inherited by the technique that makes web pages load and execute malicious scripts in the browser rather than reading contents from adjacent frames.

In simple terms, an XSS attack allows the attacker to execute malicious script code in another user's browser. It could be JavaScript, VBScript, or any other script...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (3)

Dieterle

Daniel W. Dieterle, with over 20 years in IT, has evolved from a system and network support role to a dedicated Computer Security Researcher and Author. His expertise, honed in diverse environments like corporate data centers and Ivy League schools, is reflected in his Kali Linux-based books, widely used globally for security training in universities, government, and private sectors. He has contributed to numerous technical books, articles, and security training classes, and is passionate about mentoring newcomers in the field.

See other products by Dieterle

Gilberto Najera-Gutierrez

Gilberto Najera-Gutierrez is an experienced penetration tester currently working for one of the top security testing service providers in Australia. He obtained leading security and penetration testing certifications, namely Offensive Security Certified Professional (OSCP), EC-Council Certified Security Administrator (ECSA), and GIAC Exploit Researcher and Advanced Penetration Tester (GXPN).

See other products by Gilberto Najera-Gutierrez

Juned Ahmed Ansari

Juned Ahmed Ansari is a cyber security researcher based out of Mumbai. He currently leads the penetration testing and offensive security team in a prodigious MNC. Juned has worked as a consultant for large private sector enterprises, guiding them on their cyber security program. He has also worked with start-ups, helping them make their final product secure. Juned has conducted several training sessions on advanced penetration testing, which were focused on teaching students stealth and evasion techniques in highly secure environments. His primary focus areas are penetration testing, threat intelligence, and application security research.

See other products by Juned Ahmed Ansari