Web Penetration Testing with Kali Linux

Testing web security is best done by simulating an attack. Kali Linux lets you do this to professional standards, and this is the book you need to get fully up to speed with this powerful open-source toolkit.


Joseph Muniz, Aamir Lakhani


Book Details

ISBN 13: 9781782163169
Paperback: 342 pages

Book Description

Kali Linux is built for professional penetration testing and security auditing. It is the next generation of BackTrack, the most popular open-source penetration toolkit in the world. Readers will learn how to think like real attackers, exploit systems, and expose vulnerabilities.

Even though web applications are developed in a very secure environment and have an intrusion detection system and firewall in place to detect and prevent any malicious activity, open ports are a prerequisite for conducting online business. These ports serve as an open door for attackers to attack these applications. As a result, penetration testing becomes essential to test the integrity of web applications. Web Penetration Testing with Kali Linux is a hands-on guide that will give you step-by-step methods for finding vulnerabilities and exploiting web applications.

"Web Penetration Testing with Kali Linux" looks at the aspects of web penetration testing from the mind of an attacker. It provides real-world, practical step-by-step instructions on how to perform web penetration testing exercises.

You will learn how to use network reconnaissance to pick your targets and gather information. Then, you will use server-side attacks to expose vulnerabilities in web servers and their applications. Client attacks will exploit the way end users use web applications and their workstations. You will also learn how to use open source tools to write reports and get tips on how to sell penetration tests and look out for common pitfalls.

On completion of this book, you will have the skills needed to use Kali Linux for web penetration tests and expose vulnerabilities in web applications and the clients that access them.

Table of Contents

Chapter 1: Penetration Testing and Setup
  • Web application Penetration Testing concepts
  • Penetration Testing methodology
  • Kali Penetration Testing concepts
  • Introducing Kali Linux
  • Kali system setup
  • Kali toolset overview
  • Summary
Chapter 2: Reconnaissance
  • Reconnaissance objectives
  • Initial research
  • Summary
Chapter 3: Server-side Attacks
  • Vulnerability assessment
  • Exploitation
  • Exploiting e-mail systems
  • Brute-force attacks
  • Cracking passwords
  • Man-in-the-middle
  • Summary
Chapter 4: Client-side Attacks
  • Social engineering
  • Social Engineering Toolkit (SET)
  • MitM Proxy
  • Host scanning
  • Obtaining and cracking user passwords
  • Kali password cracking tools
  • Other tools available in Kali
  • Summary
Chapter 5: Attacking Authentication
  • Attacking session management
  • Hijacking web session cookies
  • Web session tools
  • SQL Injection
  • Cross-site scripting (XSS)
  • Testing cross-site scripting
  • XSS cookie stealing / Authentication hijacking
  • Other tools
  • Summary
Chapter 6: Web Attacks
  • Browser Exploitation Framework – BeEF
  • FoxyProxy – Firefox plugin
  • BURP Proxy
  • OWASP – ZAP
  • SET password harvesting
  • Fimap
  • Denial of Services (DoS)
  • Low Orbit Ion Cannon
  • Other tools
  • Summary
Chapter 7: Defensive Countermeasures
  • Testing your defenses
  • Mirror your environment
  • Man-in-the-middle defense
  • Denial of Service defense
  • Cookie defense
  • Clickjacking defense
  • Digital forensics
  • Summary
Chapter 8: Penetration Test Executive Report
  • Compliance
  • Industry standards
  • Professional services
  • Documentation
  • Report format
  • Statement of Work (SOW)
  • Kali reporting tools
  • Summary

What You Will Learn

  • Perform vulnerability reconnaissance to gather information on your targets
  • Expose server vulnerabilities and take advantage of them to gain privileged access
  • Exploit client-based systems using web application protocols
  • Learn how to use SQL and cross-site scripting (XSS) attacks
  • Steal authentications through session hijacking techniques
  • Harden systems so other attackers do not exploit them easily
  • Generate reports for penetration testers
  • Learn tips and trade secrets from real world penetration testers

