Book Description
You will start by delving into some common web application architectures in use, both in private and public cloud instances. You will also learn about the most common frameworks for testing, such as OWASP OGT version 4, and how to use them to guide your efforts. In the next section, you will be introduced to web pentesting with core tools and you will also see how to make web applications more secure through rigorous penetration tests using advanced features in open source tools. The book will then show you how to better hone your web pentesting skills in safe environments that can ensure low-risk experimentation with the powerful tools and features in Kali Linux that go beyond a typical script-kiddie approach. After establishing how to test these powerful tools safely, you will understand how to better identify vulnerabilities, position and deploy exploits, compromise authentication and authorization, and test the resilience and exposure applications possess.
By the end of this book, you will be well-versed with the web service architecture to identify and evade various protection mechanisms that are used on the Web today. You will leave this book with a greater mastery of essential test techniques needed to verify the secure design, development, and operation of your customers’ web applications.
Table of Contents
Chapter 1. Common Web Applications and Architectures
Chapter 2. Guidelines for Preparation and Testing
Chapter 3. Stalking Prey Through Target Recon
Chapter 4. Scanning for Vulnerabilities with Arachni
Chapter 5. Proxy Operations with OWASP ZAP and Burp Suite
Chapter 6. Infiltrating Sessions via Cross-Site Scripting
Chapter 7. Injection and Overflow Testing
Chapter 8. Exploiting Trust Through Cryptography Testing
Chapter 9. Stress Testing Authentication and Session Management
Chapter 10. Launching Client-Side Attacks
Chapter 11. Breaking the Application Logic
Chapter 12. Educating the Customer and Finishing Up
中文:
书名:掌握Kali Linux进行Web渗透测试
您将从深入研究在私有云和公共云实例中使用的一些常见Web应用程序体系结构开始。您还将了解最常见的测试框架,例如OWASP OGT版本4,以及如何使用它们来指导您的工作。在下一节中,您将学习使用核心工具进行Web测试,还将了解如何通过使用开源工具中的高级功能进行严格的渗透测试来提高Web应用程序的安全性。然后,这本书将向你展示如何在安全的环境中更好地磨练你的网络测试技能,确保低风险地试验Kali Linux中的强大工具和功能,这些工具和功能超出了典型的脚本-孩子方法。在确定如何安全地测试这些功能强大的工具之后,您将了解如何更好地识别漏洞、定位和部署漏洞、危害身份验证和授权,以及测试应用程序所具有的弹性和暴露能力。
到本书结束时,您将非常熟悉Web服务体系结构,以识别和规避当今Web上使用的各种保护机制。在这本书中,您将更好地掌握验证客户Web应用程序的安全设计、开发和操作所需的基本测试技术。
目录表
第一章:常见的Web应用程序和架构
第二章准备和测试指南
第三章:通过目标侦察跟踪猎物
第4章:使用Arachni扫描漏洞
第5章使用OWASP ZAP和Burp Suite进行代理操作
第6.11-13章通过跨站点脚本进行渗透会话
Chapter 7. Injection and Overflow Testing
第8章:通过密码测试利用信任
第9章:安全压力测试身份验证和会话管理
第10章:发起客户端攻击
第11章:打破应用逻辑
第12章:教育客户并完成
评论前必须登录!
注册