Web Penetration Testing with Kali Linux
|Also available on:|
- Learn key reconnaissance concepts needed as a penetration tester
- Attack and exploit key features, authentication, and sessions on web applications
- Learn how to protect systems, write reports, and sell web penetration testing services
Table of Contents
Chapter 1: Penetration Testing and Setup
Chapter 2: Reconnaissance
Chapter 3: Server-side Attacks
Chapter 4: Client-side Attacks
Chapter 5: Attacking Authentication
Chapter 6: Web Attacks
Chapter 7: Defensive Countermeasures
Chapter 8: Penetration Test Executive Report
Please let us know if you have found any errors not listed on this list by completing our errata submission form. Our editors will check them and add them to this list. Thank you.
Errata- 11 submitted: last submission 24 Jan 2014
Errata type: Typo | Page number: 3
Inside the "Who this book is for" section of the Preface, the sentence:
"If you are looking to identify how to perform a Penetration Test against web applications and present findings to a customer is a professional manner then this book is for you"
"If you are looking to identify how to perform a Penetration Test against web applications and present findings to a customer in a professional manner then this book is for you".
Errata type: Typo | Page number: 20
It should be "Remove evidence of unauthorized access"
"Remove evidence of authorized access""
Errata type: Typo | Page number: 122
In the last paragraph, the sentence "For example, there are interfaces named eth0 and eth1, issue the command Ifdown eth0 to disable the eth0 interface."
"For example, there are interfaces named eth0 and eth1, issue the command ifdown eth0 to disable the eth0 interface."
Errata type: Typo | Page number: 125
In the tip, the sentence "arpspoof has many options. You can use the command man iptables see additional options."
"iptables has many options. You can use the command man iptables see additional options."
Errata type: Typo | Page number: 31
Under the second bullet point "Hardware Hacking", the sentence "This section contains Android tools, which could be classified as mobile, and Ardunio tools that are used for programming and controlling other small electronic devices."
"This section contains Android tools, which could be classified as mobile, and Arduino tools that are used for programming and controlling other small electronic devices."
Errata type: Typo | Page number:30
In the last point, under "Reverse Engineering", the sentence "These tools are used to disable an executable and debug programs."
"These tools are used to disassemble an executable and debug programs."
Errata type: Typo | Page number: 78
In the fifth paragraph, the line "Skipfish –o (output location) –W (location of wordlist) (target website)"
"skipfish –o (output location) –W (location of wordlist) (target website)".
Errata type: Typo | Page number: 34
Under the Reconnaissance objectives section, the third bullet point:
It should be "Target's investment in security: Are security policies advertised? What is the potential security investment, and user security awareness?"
"Target's investment in security: Are security policies advertised? What is the potential investment security, and user security awareness?"
Errata type: Typo | Page number: 151
In the first paragraph, the sentence "The third tab on the left provides options for exporting scans, as shown in the following two screenshots:" should be "The third tab on the left provides options for exporting scans, as shown in the following screenshot:"
Errata type: code | Page number: 161
The command cd /root/AttackDirectory > windowshashfiles.txt should be cat /root/AttackDirectory/* > windowshashfiles.txt
Errata type: Graphics | Page number: 199
The graphic after the note is incorrect. The correct graphic should be 3169_Chapter5_Image53_3.png.
What you will learn from this book
- Perform vulnerability reconnaissance to gather information on your targets
- Expose server vulnerabilities and take advantage of them to gain privileged access
- Exploit client-based systems using web application protocols
- Learn how to use SQL and cross-site scripting (XSS) attacks
- Steal authentications through session hijacking techniques
- Harden systems so other attackers do not exploit them easily
- Generate reports for penetration testers
- Learn tips and trade secrets from real world penetration testers
Kali Linux is built for professional penetration testing and security auditing. It is the next-generation of BackTrack, the most popular open-source penetration toolkit in the world. Readers will learn how to think like real attackers, exploit systems, and expose vulnerabilities.
Even though web applications are developed in a very secure environment and have an intrusion detection system and firewall in place to detect and prevent any malicious activity, open ports are a pre-requisite for conducting online business. These ports serve as an open door for attackers to attack these applications. As a result, penetration testing becomes essential to test the integrity of web-applications. Web Penetration Testing with Kali Linux is a hands-on guide that will give you step-by-step methods on finding vulnerabilities and exploiting web applications.
"Web Penetration Testing with Kali Linux" looks at the aspects of web penetration testing from the mind of an attacker. It provides real-world, practical step-by-step instructions on how to perform web penetration testing exercises.
You will learn how to use network reconnaissance to pick your targets and gather information. Then, you will use server-side attacks to expose vulnerabilities in web servers and their applications. Client attacks will exploit the way end users use web applications and their workstations. You will also learn how to use open source tools to write reports and get tips on how to sell penetration tests and look out for common pitfalls.
On the completion of this book, you will have the skills needed to use Kali Linux for web penetration tests and expose vulnerabilities on web applications and clients that access them.
"Web Penetration Testing with Kali Linux" contains various penetration testing methods using BackTrack that will be used by the reader. It contains clear step-by-step instructions with lot of screenshots. It is written in an easy to understand language which will further simplify the understanding for the user.
Who this book is for