Kali Linux Web Penetration Testing Cookbook, 2nd Edition

Book Description

Kali Linux Web Penetration Testing Cookbook: Identify, exploit, and prevent web application vulnerabilities with Kali Linux 2018.x, 2nd Edition

Discover the most common web vulnerabilities and prevent them from becoming a threat to your site’s security

Key Features

• Familiarize yourself with the most common web vulnerabilities
• Conduct a preliminary assessment of attack surfaces and run exploits in your lab
• Explore new tools in the Kali Linux ecosystem for web penetration testing

Book Description

Web applications are a huge point of attack for malicious hackers and a critical area for security professionals and penetration testers to lock down and secure. Kali Linux is a Linux-based penetration testing platform that provides a broad array of testing tools, many of which can be used to execute web penetration testing.

Kali Linux Web Penetration Testing Cookbook gives you the skills you need to cover every stage of a penetration test – from gathering information about the system and application, to identifying vulnerabilities through manual testing. You will also cover the use of vulnerability scanners and look at basic and advanced exploitation techniques that may lead to a full system compromise. You will start by setting up a testing laboratory, exploring the latest features of tools included in Kali Linux and performing a wide range of tasks with OWASP ZAP, Burp Suite and other web proxies and security testing tools.

As you make your way through the book, you will learn how to use automated scanners to find security flaws in web applications and understand how to bypass basic security controls. In the concluding chapters, you will look at what you have learned in the context of the Open Web Application Security Project (OWASP) and the top 10 web application vulnerabilities you are most likely to encounter, equipping you with the ability to combat them effectively.

By the end of this book, you will have acquired the skills you need to identify, exploit, and prevent web application vulnerabilities.

What you will learn

• Set up a secure penetration testing laboratory
• Use proxies, crawlers, and spiders to investigate an entire website
• Identify cross-site scripting and client-side vulnerabilities
• Exploit vulnerabilities that allow the insertion of code into web applications
• Exploit vulnerabilities that require complex setups
• Improve testing efficiency using automated vulnerability scanners
• Learn how to circumvent security controls put in place to prevent attacks

Who this book is for

Kali Linux Web Penetration Testing Cookbook is for IT professionals, web developers, security enthusiasts, and security professionals who want an accessible reference on how to find, exploit, and prevent security vulnerabilities in web applications. The basics of operating a Linux environment and prior exposure to security technologies and tools are necessary.

Table of Contents

Chapter 1 Setting up Kali Linux and the Testing Lab
Chapter 2 Reconnaissance
Chapter 3 Using Proxies, Crawlers and Spiders
Chapter 4 Testing Authentication and Session Management
Chapter 5 Cross-Site Scripting and Client-Side Attacks
Chapter 6 Exploiting Injection Vulnerabilities
Chapter 7 Exploiting Platform Vulnerabilities
Chapter 8 Using Automated Scanners
Chapter 9 Bypassing Basic Security Controls
Chapter 10 Mitigation of OWASP Top 10 Vulnerabilities

中文：

书名：Kali Linux Web渗透测试手册，第二版

Kali Linux Web渗透测试手册：识别、利用和预防Kali Linux 2018.x第二版的Web应用程序漏洞

发现最常见的Web漏洞并防止它们对您的站点安全构成威胁

主要特点

• 熟悉最常见的Web漏洞
• 在您的实验室中对攻击面进行初步评估并运行攻击
• 探索Kali Linux生态系统中用于Web渗透测试的新工具

图书描述

Web应用程序是恶意黑客的一个巨大攻击点，也是安全专业人员和渗透测试人员锁定和保护的关键区域。Kali Linux是一个基于Linux的渗透测试平台，提供了广泛的测试工具，其中许多可用于执行Web渗透测试。

Kali Linux Web渗透测试手册为您提供了渗透测试的每个阶段所需的技能-从收集有关系统和应用程序的信息，到通过手动测试识别漏洞。您还将介绍漏洞扫描程序的使用，并了解可能导致整个系统受损的基本和高级攻击技术。您将首先建立一个测试实验室，探索Kali Linux中包含的工具的最新功能，并使用OWASP ZAP、Burp Suite和其他Web代理和安全测试工具执行一系列任务。

在您阅读本书的过程中，您将学习如何使用自动扫描仪在Web应用程序中查找安全flAWS，并了解如何绕过基本安全控制。在最后一章中，您将了解在开放Web应用程序安全项目(OWASP)的背景下学到了什么，以及您最有可能遇到的十大Web应用程序漏洞，从而使您有能力有效地对抗它们。

到本书结束时，您将掌握识别、利用和预防Web应用程序漏洞所需的技能。

你将学到什么

• 建立安全的渗透测试实验室
• 使用代理、爬行器和蜘蛛来调查整个网站
• 识别跨站点脚本和客户端漏洞
• 利用允许将代码插入到Web应用程序中的漏洞
• 利用需要复杂设置的漏洞
• 使用自动化漏洞扫描器提高测试效率
• 了解如何规避为防止攻击而实施的安全控制

这本书是为谁而写的

Kali Linux Web渗透测试手册面向IT专业人员、Web开发人员、安全爱好者和安全专业人员，他们希望获得有关如何发现、利用和预防Web应用程序中的安全漏洞的可访问参考。操作Linux环境的基础知识以及之前接触到的安全技术和工具都是必要的。

目录表

第1章设置Kali Linux和测试实验室
第二章侦察
Chapter 3 Using Proxies, Crawlers and Spiders
第4章测试身份验证和会话管理
第5章跨站点脚本和客户端攻击
第6章利用注入漏洞
第七章利用平台漏洞
第8章使用自动扫描仪
第9章绕过基本安全控制
第十章缓解OWASP十大漏洞