Web Penetration Testing with Kali Linux, 2nd Edition


  • Author: Juned Ahmed Ansari
  • Length: 292 pages
  • Edition: 2nd Revised edition
  • Publisher: Packt Publishing
  • Publication Date: 2015-12-01
  • ISBN-10: 1783988525
  • ISBN-13: 9781783988525
  • Sales Rank: #2331483


    Book Description

    Build your defense against web attacks with Kali Linux 2.0

    About This Book

    • Gain a deep understanding of the flaws in web applications and exploit them in a practical manner
    • Get hands-on web application hacking experience with a range of tools in Kali Linux 2.0
    • Develop the practical skills required to master multiple tools in the Kali Linux 2.0 toolkit

    Who This Book Is For

    If you are already working as a network penetration tester and want to expand your knowledge of web application hacking, then this book is tailored for you. Those who are interested in learning more about the Kali Sana tools that are used to test web applications will find this book a thoroughly useful and interesting guide.

    What You Will Learn

    • Set up your lab with Kali Linux 2.0
    • Identify the difference between hacking a web application and network hacking
    • Understand the different techniques used to identify the flavor of web applications
    • Expose vulnerabilities present in web servers and their applications using server-side attacks
    • Use SQL and cross-site scripting (XSS) attacks
    • Check for XSS flaws using the Burp Suite proxy
    • Find out about the mitigation techniques used to negate the effects of the Injection and Blind SQL attacks

    In Detail

    Kali Linux 2.0 is the new generation of the industry-leading BackTrack Linux penetration testing and security auditing Linux distribution. It contains several hundred tools aimed at various information security tasks such as penetration testing, forensics, and reverse engineering.

    At the beginning of the book, you will be introduced to the concepts of hacking and penetration testing and will get to know about the tools used in Kali Linux 2.0 that relate to web application hacking. Then, you will gain a deep understanding of SQL and command injection flaws and ways to exploit the flaws. Moving on, you will get to know more about scripting and input validation flaws, AJAX, and the security issues related to AJAX.

    At the end of the book, you will use an automated technique called fuzzing to be able to identify flaws in a web application. Finally, you will understand the web application vulnerabilities and the ways in which they can be exploited using the tools in Kali Linux 2.0.

    Style and approach

    This step-by-step guide covers each topic with detailed practical examples. Every concept is explained with the help of illustrations using the tools available in Kali Linux 2.0.

    Table of Contents

    Chapter 1: Introduction to Penetration Testing and Web Applications
    Chapter 2: Setting up Your Lab with Kali Linux
    Chapter 3: Reconnaissance and Profiling the Web Server
    Chapter 4: Major Flaws in Web Applications
    Chapter 5: Attacking the Server Using Injection-based Flaws
    Chapter 6: Exploiting Clients Using XSS and CSRF Flaws
    Chapter 7: Attacking SSL-based Websites
    Chapter 8: Exploiting the Client Using Attack Frameworks
    Chapter 9: AJAX and Web Services – Security Issues
    Chapter 10: Fuzzing Web Applications

