Mastering Kali Linux for Web Penetration Testing

Master the art of exploiting advanced web penetration techniques with Kali Linux 2016.2
Michael McPhee

Book Details

ISBN 13: 9781784395070
Paperback: 338 pages

Book Description

You will start by delving into some common web application architectures in use, both in private and public cloud instances. You will also learn about the most common frameworks for testing, such as OWASP OTG version 4, and how to use them to guide your efforts. In the next section, you will be introduced to web pentesting with core tools and you will also see how to make web applications more secure through rigorous penetration tests using advanced features in open source tools. The book will then show you how to hone your web pentesting skills in safe environments that ensure low-risk experimentation with the powerful tools and features in Kali Linux that go beyond a typical script-kiddie approach. After establishing how to test these powerful tools safely, you will understand how to better identify vulnerabilities, position and deploy exploits, compromise authentication and authorization, and test the resilience and exposure of applications.

By the end of this book, you will be well-versed in web service architecture and able to identify and evade the various protection mechanisms that are used on the Web today. You will leave this book with a greater mastery of the essential test techniques needed to verify the secure design, development, and operation of your customers' web applications.

Table of Contents

Chapter 1: Common Web Applications and Architectures
  • Common architectures
  • Web application hosting
  • Application development cycles
  • Common weaknesses – where to start
  • Web application defenses
  • Summary
Chapter 2: Guidelines for Preparation and Testing
  • Picking your favorite testing framework
  • Keeping it legal and ethical
  • Labbing - practicing what we learn
  • Summary
Chapter 3: Stalking Prey Through Target Recon
  • The imitation game
  • Open source awesomeness
  • Being social with your target
  • Summary
Chapter 4: Scanning for Vulnerabilities with Arachni
  • Walking into spider webs
  • An encore for stacks and frameworks
  • The Arachni test scenario
  • Summary
Chapter 5: Proxy Operations with OWASP ZAP and Burp Suite
  • Pulling back the curtain with ZAP
  • Taking it to a new level with Burp Suite
  • Summary
Chapter 6: Infiltrating Sessions via Cross-Site Scripting
  • The low-down on XSS types
  • Seeing is believing
  • Summary
Chapter 7: Injection and Overflow Testing
  • Injecting some fun into your testing
  • Is SQL any good?
  • The X-factor - XML and XPath injections
  • Credential Jedi mind tricks
  • Going beyond persuasion – Injecting for execution
  • Down with HTTP?
  • Summary
Chapter 8: Exploiting Trust Through Cryptography Testing
  • How secret is your secret?
  • Assessing encryption like a pro
  • Exploiting the flaws
  • Hanging out as the Man-in-the-Middle
  • Summary
Chapter 9: Stress Testing Authentication and Session Management
  • Knock knock, who's there?
  • This is the session you are looking for
  • Functional access level control
  • Refining a brute's vocabulary
  • Summary
Chapter 10: Launching Client-Side Attacks
  • Why are clients so weak?
  • Picking on the little guys
  • I don't need your validation
  • Trendy hacks come and go
  • Summary
Chapter 11: Breaking the Application Logic
  • Speed-dating your target
  • Functional Feng Shui
  • Summary
Chapter 12: Educating the Customer and Finishing Up
  • Finishing up
  • Bringing best practices
  • Assessing the competition
  • Summary

What You Will Learn

  • Establish a fully-featured sandbox for test rehearsal and risk-free investigation of applications
  • Enlist open-source information to get a head-start on enumerating account credentials, mapping potential dependencies, and discovering unintended backdoors and exposed information
  • Map, scan, and spider web applications using Nmap/Zenmap, Nikto, Arachni, WebScarab, w3af, and Netcat for more accurate characterization
  • Proxy web transactions through tools such as Burp Suite, OWASP's ZAP tool, and Vega to uncover application weaknesses and manipulate responses
  • Deploy SQL injection, cross-site scripting, Java vulnerabilities, and overflow attacks using Burp Suite, WebSploit, and sqlmap to test application robustness
  • Evaluate and test identity, authentication, and authorization schemes and sniff out weak cryptography before the black hats do
