Kali Linux Web Penetration Testing Cookbook:Identify,exploit,and prevent web application vulnerabilities with Kali Linux 2018.x,2nd Edition
Edition 版次：2nd Revised edition
Release Finelybook 出版日期：2018-08-31
Publisher Finelybook 出版社：Packt Publishing
pages 页数：404 pages
Web applications are a huge point of attack for malicious hackers and a critical area for security professionals and penetration testers to lock down and secure. Kali Linux is a Linux-based penetration testing platform that provides a broad array of testing tools,many of which can be used to execute web penetration testing.
Kali Linux Web Penetration Testing Cookbook gives you the skills you need to cover every stage of a penetration test – from gathering information about the system and application,to identifying vulnerabilities through manual testing. You will also cover the use of vulnerability scanners and look at basic and advanced exploitation techniques that may lead to a full system compromise. You will start by setting up a testing laboratory,exploring the latest features of tools included in Kali Linux and performing a wide range of tasks with OWASP ZAP,Burp Suite and other web proxies and security testing tools.
As you make your way through the book,you will learn how to use automated scanners to find security ﬂaws in web applications and understand how to bypass basic security controls. In the concluding chapters,you will look at what you have learned in the context of the Open Web Application Security Project (OWASP) and the top 10 web application vulnerabilities you are most likely to encounter,equipping you with the ability to combat them effectively.
By the end of this book,you will have acquired the skills you need to identify,exploit,and prevent web application vulnerabilities.
1:SETTING UP KALI LINUX AND THE TESTING LAB
3:USING PROXIES,CRAWLERS,AND SPIDERS
4:TESTING AUTHENTICATION AND SESSION MANAGEMENT
5:CROSS-SITE SCRIPTING AND CLIENT-SIDE ATTACKS
6:EXPLOITING INJECTION VULNERABILITIES
7:EXPLOITING PLATFORM VULNERABILITIES
8:USING AUTOMATED SCANNERS
9:BYPASSING BASIC SECURITY CONTROLS
10:MITIGATION OF OWASP TOP 10 VULNERABILITIES
What You Will Learn
Set up a secure penetration testing laboratory
Use proxies,crawlers,and spiders to investigate an entire website
Identify cross-site scripting and client-side vulnerabilities
Exploit vulnerabilities that allow the insertion of code into web applications
Exploit vulnerabilities that require complex setups
Improve testing efficiency using automated vulnerability scanners
Learn how to circumvent security controls put in place to prevent attacks
Gilberto Najera-Gutierrez is an experienced penetration tester currently working for one of the best security testing teams in Australia. He has successfully conducted penetration tests on networks and web applications for top corporations,government agencies,and financial institutions in Mexico and Australia.
Gilberto also holds world-leading professional certifications,such as Offensive Security Certified Professional (OSCP),GIAC Exploit Researcher,and Advanced Penetration Tester (GXPN).
- The Complete Guide to SCION: From Design Principles to Formal Verification
- A Beginner’s Guide to Internet of Things Security: Attacks, Applications, Authentication, and Fundamentals
- Data Classification and Incremental Clustering in Data Mining and Machine Learning
- Designing Secure IoT Devices with the Arm Platform Security Architecture and Cortex-M33
- Practical Industrial Cybersecurity: ICS, Industry 4.0, and IIoT
- Cloud Computing Solutions: Architecture, Data Storage, Implementation and Security