
Michael McPhee - Mastering Kali Linux for Web Penetration Testing


  • Book: Mastering Kali Linux for Web Penetration Testing
  • Author: Michael McPhee
  • Publisher: Packt Publishing
  • Year: 2017
  • Rating: 3 / 5

Mastering Kali Linux for Web Penetration Testing: summary, description and annotation


Master the art of exploiting advanced web penetration techniques with Kali Linux 2016.2

About This Book
  • Make the most out of advanced web pen-testing techniques using Kali Linux 2016.2
  • Explore how Stored (a.k.a. Persistent) XSS attacks work and how to take advantage of them
  • Learn to secure your application by performing advanced web based attacks.
  • Bypass internet security to traverse from the web to a private network.
Who This Book Is For

This book targets IT pen testers, security consultants, and ethical hackers who want to expand their knowledge and gain expertise on advanced web penetration techniques. Prior knowledge of penetration testing would be beneficial.

What You Will Learn
  • Establish a fully-featured sandbox for test rehearsal and risk-free investigation of applications
  • Enlist open-source information to get a head-start on enumerating account credentials, mapping potential dependencies, and discovering unintended backdoors and exposed information
  • Map, scan, and spider web applications using nmap/zenmap, nikto, arachni, webscarab, w3af, and NetCat for more accurate characterization
  • Proxy web transactions through tools such as Burp Suite, OWASP's ZAP tool, and Vega to uncover application weaknesses and manipulate responses
  • Deploy SQL injection, cross-site scripting, Java vulnerabilities, and overflow attacks using Burp Suite, websploit, and SQLMap to test application robustness
  • Evaluate and test identity, authentication, and authorization schemes and sniff out weak cryptography before the black hats do
In Detail

You will start by delving into some common web application architectures in use, both in private and public cloud instances. You will also learn about the most common frameworks for testing, such as OWASP OTG version 4, and how to use them to guide your efforts. In the next section, you will be introduced to web pentesting with core tools and you will also see how to make web applications more secure through rigorous penetration tests using advanced features in open source tools. The book will then show you how to better hone your web pentesting skills in safe environments that can ensure low-risk experimentation with the powerful tools and features in Kali Linux that go beyond a typical script-kiddie approach. After establishing how to test these powerful tools safely, you will understand how to better identify vulnerabilities, position and deploy exploits, compromise authentication and authorization, and test the resilience and exposure applications possess.

By the end of this book, you will be well-versed with the web service architecture to identify and evade various protection mechanisms that are used on the Web today. You will leave this book with a greater mastery of essential test techniques needed to verify the secure design, development, and operation of your customers' web applications.

Style and approach

An advanced-level guide filled with real-world examples that will help you take your web application security to the next level by using Kali Linux 2016.2.

Contents

  • 1: Common Web Applications and Architectures
    • Common architectures
    • Web application hosting
    • Application development cycles
    • Common weaknesses – where to start
    • Web application defenses
    • Summary
  • 2: Guidelines for Preparation and Testing
    • Picking your favorite testing framework
    • Keeping it legal and ethical
    • Labbing - practicing what we learn
    • Summary
  • 3: Stalking Prey Through Target Recon
    • The imitation game
    • Open source awesomeness
    • Being social with your target
    • Summary
  • 4: Scanning for Vulnerabilities with Arachni
    • Walking into spider webs
    • An encore for stacks and frameworks
    • The Arachni test scenario
    • Summary
  • 5: Proxy Operations with OWASP ZAP and Burp Suite
    • Pulling back the curtain with ZAP
    • Taking it to a new level with Burp Suite
    • Summary
  • 6: Infiltrating Sessions via Cross-Site Scripting
    • The low-down on XSS types
    • Seeing is believing
    • Summary
  • 7: Injection and Overflow Testing
    • Injecting some fun into your testing
    • Is SQL any good?
    • The X-factor - XML and XPath injections
    • Credential Jedi mind tricks
    • Going beyond persuasion – Injecting for execution
    • Down with HTTP?
    • Summary
  • 8: Exploiting Trust Through Cryptography Testing
    • How secret is your secret?
    • Assessing encryption like a pro
    • Exploiting the flaws
    • Hanging out as the Man-in-the-Middle
    • Summary
  • 9: Stress Testing Authentication and Session Management
    • Knock knock, who's there?
    • This is the session you are looking for
    • Functional access level control
    • Refining a brute's vocabulary
    • Summary
  • 10: Launching Client-Side Attacks
    • Why are clients so weak?
    • Picking on the little guys
    • I don't need your validation
    • Trendy hacks come and go
    • Summary
  • 11: Breaking the Application Logic
    • Speed-dating your target
    • Functional Feng Shui
    • Summary
  • 12: Educating the Customer and Finishing Up
    • Finishing up
    • Bringing best practices
    • Assessing the competition
    • Summary

Chapter 1. Common Web Applications and Architectures

Web applications are essential for today's civilization. I know this sounds bold, but when you think of how the technology has changed the world, there is no doubt that globalization is responsible for the rapid exchange of information across great distances via the internet in large parts of the world. While the internet is many things, the most inherently valuable components are those where data resides. Since the advent of the World Wide Web in the 1990s, this data has exploded, with the world currently generating more data in the next 2 years than in all of recorded history. While databases and object storage are the main repositories for this staggering amount of data, web applications are the portals through which that data comes and goes, is manipulated, and is processed into actionable information. This information is presented to the end users dynamically in their browser, and the relative simplicity and access that this imbues are the leading reasons why web applications are impossible to avoid. We're so accustomed to web applications that many of us would find it impossible to go more than a few hours without them.

Financial, manufacturing, government, defense, business, educational, and entertainment institutions are dependent on the web applications that allow them to function and interact with each other. These ubiquitous portals are trusted to store, process, exchange, and present all sorts of sensitive information and valuable data while safeguarding it from harm. The industrial world has placed a great deal of trust in these systems. So, any damage to these systems or any kind of trust violation can and often does cause far-reaching economic, political, or physical damage and can even lead to loss of life. The news is riddled with reports of compromised web applications every day. Each of these attacks results in loss of that trust as data (from financial and health information to intellectual property) is stolen, leaked, abused, and disclosed. Companies have been irreparably harmed, patients endangered, careers ended, and destinies altered. This is heavy stuff!

While there are many potential issues that keep architects, developers, and operators on edge, many of these have a very low probability of occurring, with one great exception. Criminal and geopolitical actors and activists present a clear danger to computing systems, networks, and all other people or things that are attached to or make use of them. Bad coding, improper implementation, or missing countermeasures are a boon to these adversaries, offering a way in or providing cover for their activities. As potential attackers see the opportunity to wreak havoc, they invest more, educate themselves, develop new techniques, and then achieve more ambitious goals. This cycle repeats itself. Defending networks, systems, and applications against these threats is a noble cause.

Defensive approaches also exist that can help reduce risks and minimize exposure, but it is the penetration tester (also known as the White Hat Hacker) that ensures that they are up to the task. By thinking like an attacker - and using many of the same tools and techniques - a pen tester can uncover latent flaws in the design or implementation and allow the application stakeholders to fill these gaps before the malicious hacker (also known as the
