Harpreet Singh and Himanshu Sharma - Hands-On Web Penetration Testing with Metasploit

Copyright 2020 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author(s), nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Commissioning Editor: Vijin Boricha
Acquisition Editor: Rohit Rajkumar
Content Development Editor: Ronn Kurien
Senior Editor: Richard Brookes-Bland
Technical Editor: Sarvesh Jaywant
Copy Editor: Safis Editing
Project Coordinator: Neil Dmello
Proofreader: Safis Editing
Indexer: Tejal Daruwale Soni
Production Designer: Alishon Mendonsa

First published: May 2020
Production reference: 1220520

Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.

ISBN 978-1-78995-352-7

www.packt.com

Packt.com

Subscribe to our online digital library for full access to over 7,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.

• Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals

• Improve your learning with Skill Plans built especially for you

• Get a free eBook or video every month

• Fully searchable for easy access to vital information

• Copy and paste, print, and bookmark content

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.packt.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at customercare@packtpub.com for more details.

At www.packt.com , you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.

Harpreet Singh is the author of Hands-On Red Team Tactics published by Packt Publishing and has more than 7 years of experience in the fields of ethical hacking, penetration testing, vulnerability research, and red teaming. He is also a certified OSCP (Offensive Security Certified Professional) and OSWP (Offensive Security Wireless Professional). Over the years, Harpreet has acquired an offensive skill set as well as a defensive skill set. He is a professional who specializes in wireless and network exploitation, including but not limited to mobile exploitation and web application exploitation, and he has also performed red team engagements for banks and financial groups.

Himanshu Sharma has already achieved fame for finding security loopholes and vulnerabilities in Apple, Google, Microsoft, Facebook, Adobe, Uber, AT&T, Avira, and many others. He has assisted international celebrities such as Harbajan Singh in recovering their hacked accounts. He has been a speaker and trainer at international conferences such as Botconf 2013, CONFidence, RSA Singapore, LeHack, Hacktivity, Hack In the Box, and SEC-T. He also spoke at the IEEE Conference for Tedx. Currently, he is the cofounder of BugsBounty, a crowdsourced security platform.

Amit Kumar Sharma is a security evangelist with experience in application security and fuzz testing. During his career, he has had the chance to work with various technologies in the telecom, medical, ICS, and automotive security domains. He works as a security consultant with a reputable firm providing consultation on how security can fit in the SDLC and evangelizing technologies such as IAST, binary analysis, and fuzz testing to uncover security issues. Currently, his areas of research include DevSecOps, security in SDLC, Kubernetes security, and secrets management.

If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.

In today's rapidly evolving technological world, the security industry is changing at a phenomenal pace, while the number of cyber attacks involving organizations is also increasing rapidly. To protect themselves from these real-world attacks, many companies have introduced security audits and risk and vulnerability assessments in their process management, designed to help the company gauge the risks with respect to their business assets. To protect these assets, many companies have hired security professionals with the purpose of identifying risks, vulnerabilities, and threats in companies' applications and networks. For a security professional, building up their skills and familiarizing themselves with the latest attacks are crucial. Also, for their betterment and improved efficiency, many individuals use Metasploit as their first choice in the case of exploitation and enumeration.