Web Penetration Testing with Kali Linux, 3rd Edition


  • Authors: Gilberto Najera-Gutierrez, Juned Ahmed Ansari
  • Length: 426 pages
  • Edition: 3rd Revised edition
  • Publisher: Packt Publishing
  • Publication Date: 2018-02-28
  • ISBN-10: 1788623371
  • ISBN-13: 9781788623377
  • Sales Rank: #677081


    Web Penetration Testing with Kali Linux – Third Edition: Explore the methods and tools of ethical hacking with Kali Linux

    Build your defense against web attacks with Kali Linux, including command injection flaws, crypto implementation layers, and web application security holes

    Key Features

    • Know how to set up your lab with Kali Linux
    • Discover the core concepts of web penetration testing
    • Get the tools and techniques you need with Kali Linux

    Book Description

    Web Penetration Testing with Kali Linux – Third Edition shows you how to set up a lab, helps you understand the nature and mechanics of attacking websites, and explains classical attacks in great depth. This edition is heavily updated for the latest Kali Linux changes and the most recent attacks. Kali Linux shines when it comes to client-side attacks and fuzzing in particular.

    From the start of the book, you’ll be given a thorough grounding in the concepts of hacking and penetration testing, and you’ll see the tools used in Kali Linux that relate to web application hacking. You’ll gain a deep understanding of classical SQL, command-injection flaws, and the many ways to exploit these flaws. Web penetration testing also needs a general overview of client-side attacks, which is rounded out by a long discussion of scripting and input validation flaws.

    There is also an important chapter on cryptographic implementation flaws, where we discuss the most recent problems with cryptographic layers in the networking stack.

    The importance of these attacks cannot be overstated, and defending against them is relevant to most internet users and, of course, penetration testers.

    At the end of the book, you’ll use an automated technique called fuzzing to identify flaws in a web application. Finally, you’ll gain an understanding of web application vulnerabilities and the ways they can be exploited using the tools in Kali Linux.

    What you will learn

    • Learn how to set up your lab with Kali Linux
    • Understand the core concepts of web penetration testing
    • Get to know the tools and techniques you need to use with Kali Linux
    • Identify the difference between hacking a web application and network hacking
    • Expose vulnerabilities present in web servers and their applications using server-side attacks
    • Understand the different techniques used to identify the flavor of web applications
    • See standard attacks such as exploiting cross-site request forgery and cross-site scripting flaws
    • Get an overview of the art of client-side attacks
    • Explore automated attacks such as fuzzing web applications

    Who This Book Is For

    Since this book sets out to cover a large number of tools and security fields, it can work as an introduction to practical security skills for beginners in security. In addition, web programmers and also system administrators would benefit from this rigorous introduction to web penetration testing. Basic system administration skills are necessary, and the ability to read code is a must.

    Table of Contents

    Chapter 1 Introduction to Penetration Testing and Web Applications
    Chapter 2 Setting Up Your Lab with Kali Linux
    Chapter 3 Reconnaissance and Profiling the Web Server
    Chapter 4 Authentication and Session Management Flaws
    Chapter 5 Attacking the Server Using Injection-based Flaws
    Chapter 6 Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities
    Chapter 7 Exploiting Cross Site Request Forgery
    Chapter 8 Attacking Cryptographic implementation flaws
    Chapter 9 AJAX, HTML5 and client side attacks
    Chapter 10 Fuzzing Web Applications
    Chapter 11 Using Automated Scanners on Web Applications
