0

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Kali Linux Web Penetration Testing Cookbook

You're reading from Kali Linux Web Penetration Testing Cookbook Identify, exploit, and prevent web application vulnerabilities with Kali Linux 2018.x

Product type Paperback

Published in Aug 2018

Publisher Packt

ISBN-13 9781788991513

Length 404 pages

Edition 2nd Edition

Languages

C

Tools

Kali Linux

Concepts

Penetration Testing

Author (1):

Gilberto Najera-Gutierrez

View More author details

Table of Contents (12) Chapters

Preface

1. Setting Up Kali Linux and the Testing Lab FREE CHAPTER

2. Reconnaissance

3. Using Proxies, Crawlers, and Spiders

4. Testing Authentication and Session Management

5. Cross-Site Scripting and Client-Side Attacks

6. Exploiting Injection Vulnerabilities

7. Exploiting Platform Vulnerabilities

8. Using Automated Scanners

9. Bypassing Basic Security Controls

10. Mitigation of OWASP Top 10 Vulnerabilities

11. Other Books You May Enjoy

Leave a review - let other readers know what you think

Exploiting Injection Vulnerabilities

In this chapter we will cover the following topics:

Looking for file inclusions
Abusing file inclusions and uploads
Manually identifying SQL injection
Step-by-step error-based SQL injection
Identifying and exploiting blind SQL injections
Finding and exploiting SQL injections with SQLMap
Exploiting an XML External Entity injection
Detecting and exploiting command injection vulnerabilities

The rest of the chapter is locked

Visually different images

CONTINUE READING

83

Tech Concepts

36

Programming languages

73

Tech Tools

Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.

Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.

50+ new titles added per month and exclusive early access to books as they are being written.

Kali Linux Web Penetration Testing Cookbook

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (1)

Gilberto Najera-Gutierrez

Gilberto Najera-Gutierrez

Gilberto Najera-Gutierrez is an experienced penetration tester currently working for one of the top security testing service providers in Australia. He obtained leading security and penetration testing certifications, namely Offensive Security Certified Professional (OSCP), EC-Council Certified Security Administrator (ECSA), and GIAC Exploit Researcher and Advanced Penetration Tester (GXPN).

See other products by Gilberto Najera-Gutierrez

Other recommended products

Related to this chapter

Web Penetration Testing with Kali Linux

Web Penetration Testing with Kali Linux

This book covers everything you need to set up a Kali Linux lab, the latest generation of the BackTrack Linux penetration testing and security auditing Linux distribution. Learn how to use the hundred tools Kali Linux has so you can manage security tasks such as penetration testing, forensics, and reverse engineering.

Feb 2018 14h 12m

Burp Suite Cookbook

Burp Suite Cookbook

The purpose of the Burp Suite Cookbook is to provide web application penetration testers with hands-on examples of how to use Burp Suite to perform web assessments. The book gives detailed screenshots demonstrating how to perform various attacks in Burp including Cross-site Scripting (XSS), SQL Injection, Cross-site Request Forgery, XML External Entity (XXE), and many more.

Sep 2018 11h 56m

Hands-On Application Penetration Testing with Burp Suite

Hands-On Application Penetration Testing with Burp Suite

Using Burp Suite, you can quickly build proof of concepts, extract data via an exploit, attack multiple end points in an application and even begin to script complex multi stage attacks. This book will provide a hands-on coverage on how you can get started with executing an application penetration test and be sure of the results.

Feb 2019 12h 12m

Bug Bounty Hunting Essentials

Bug Bounty Hunting Essentials

Bug Bounty hunting is a new method which companies use to test their applications. There is no dedicated methodology in place right now to help researchers upskill themselves and become bug bounty hunters, that is why there is ambiguity as to what the field is about, the book solves that problem. The book allows readers to train themselves as bug bounty hunters to excel in the field of application security.

Metasploit 5.0 for Beginners

Metasploit 5.0 for Beginners

Metasploit 5.x for Beginners will provide a good starting point to perform penetration testing and identify threats and vulnerabilities to secure your IT environment. You will be able to analyze, identify, and exploit threats and vulnerabilities to secure your IT environment.

Apr 2020 8h 12m

Mastering Kali Linux for Web Penetration Testing

Mastering Kali Linux for Web Penetration Testing

Kali Linux 2016.2 is the next generation of Back Track 5, which is one of the best open-source penetration tool kits. Mastering Kali Linux for Web Penetration Testing will assist you in responsibly exposing identifying, and disclosing weaknesses and flaws in web applications at all stages of development.

Jun 2017 11h 16m

Learn Kali Linux 2019

Learn Kali Linux 2019

The current trend of various hacking and security breaches displays how important it has become to pentest your environment, to ensure end point protection. This book will take you through the latest version of Kali Linux to efficiently deal with various crucial security aspects such as confidentiality, integrity, access control and authentication.

Nov 2019 18h 20m

Metasploit Bootcamp

Metasploit Bootcamp

Metasploit Bootcamp will enable readers to gain hands-on knowledge on Penetration testing with Metasploit in various environments using a boot camp style approach. The readers will learn about Scanning, fingerprinting and exploiting different software. They will also learn about testing on services like Databases, VOIP and other known and unknown services. Attacking client side and scripting attacks would be made easy with this book. Overall the readers would learn how to test various devices and learn how to integrate Metasploit with industry's leading tools.

May 2017 7h 40m

Learning Python Web Penetration Testing

Learning Python Web Penetration Testing

This book will walk you through the web application penetration testing methodology, showing you how to write your own tools with Python for every main activity in the process. It will show you how to test for security vulnerabilities in web applications just like security professionals and hackers do.

Jun 2018 4h 36m

Network Vulnerability Assessment

Network Vulnerability Assessment

Being able to identify security loopholes has become critical to many businesses. That's where learning network security assessment becomes very important. This book will not only show you how to find out the system vulnerabilities but also help you build a network security threat model.

Aug 2018 8h 28m

Practical Security Automation and Testing

Practical Security Automation and Testing

Security automation is the automatic handling of software security assessments tasks. This book helps you to build your security automation framework to scan for vulnerabilities without human intervention.

Feb 2019 8h 32m

Hands-On Bug Hunting for Penetration Testers

Hands-On Bug Hunting for Penetration Testers

Bug bounties have quickly become a critical part of the security economy. This book shows you how technical professionals with an interest in security can begin productively—and profitably—participating in bug bounty programs.

Sep 2018 8h 20m

Personalised recommendations for you

Based on your interests and search pattern

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 24m

API Security for White Hat Hackers

API Security for White Hat Hackers

API Security for White Hat Hackers is a comprehensive guide that simplifies API security by showing you how to identify and fix vulnerabilities. From emerging threats to best practices, this book helps you defend and safeguard your APIs.

Jun 2024 13h 56m

Securing Cloud PCs and Azure Virtual Desktop

Securing Cloud PCs and Azure Virtual Desktop

This book covers the fundamentals of Windows 365 and Azure Virtual Desktop, addressing endpoint security challenges. You'll also explore advanced security measures for virtual environments.

Jun 2024 13h 12m

Cybersecurity Strategies and Best Practices

Cybersecurity Strategies and Best Practices

This book offers real-world case studies, holistic approaches, and practical guidance to boost your cybersecurity expertise. You'll learn how to align security strategies with business objectives and stay ahead of the evolving threat landscape.

May 2024 8h 24m

PowerShell for Penetration Testing

PowerShell for Penetration Testing

Designed for security professionals and aspiring pentesters, this book equips you with the skills and knowledge to exploit vulnerabilities, gain access, and navigate post-exploitation scenarios across diverse platforms.

May 2024 9h 56m

Securing Industrial Control Systems and Safety Instrumented Systems

Securing Industrial Control Systems and Safety Instrumented Systems

The book provides a solid understanding of SIS cybersecurity challenges and artifacts required to ensure the safety of mission-critical systems. It also serves as a strong foundation for anyone looking to boost their industrial security skill set.

Aug 2024 8h 32m

Incident Response for Windows

Incident Response for Windows

This exhaustive book helps you detect, respond to, and prevent cyberattacks on Windows-based systems by equipping you with the knowledge and tools needed to safeguard your organization's critical assets based on the actual threat landscape.

CCSP (ISC)2 Certified Cloud Security Professional Exam Guide

CCSP (ISC)2 Certified Cloud Security Professional Exam Guide

Explore all aspects of cloud security to pass the CCSP exam and boost your career with this guide packed with use cases, mock exam questions, and tips. You'll be able to apply your new-found knowledge not only to pass the exam but also at work.

Jun 2024 18h 40m

Cryptography Algorithms

Cryptography Algorithms

Get ahead in cryptography with this second edition, covering symmetric and asymmetric encryption, zero-knowledge protocols, and quantum cryptography. Designed for cybersecurity pros, it covers updated techniques to combat evolving cyber threats.

Aug 2024 13h 40m