The Basics of Web Hacking: Tools and Techniques to Attack the Web

The Basics of Web Hacking introduces you to a tool-driven process to identify the most widespread vulnerabilities in Web applications. No prior experience is needed. Web apps are a "path of least resistance" that can be exploited to cause the most damage to a system, with the l...


Bibliographic Details
Classification: Electronic book
Main author: Pauli, Joshua J.
Format: Electronic eBook
Language: English
Published: Elsevier Science & Technology, 2013.
Subjects:
Online access: Full text
Table of Contents:
  • Front Cover
  • The Basics of Web Hacking: Tools and Techniques to Attack the Web
  • Copyright
  • Dedication
  • Acknowledgments
  • Honey Bear
  • Lizard
  • Baby Bird
  • Family and Friends
  • Security Community
  • Scott White-Technical Reviewer
  • Syngress Team
  • My Vices
  • Biography
  • Foreword
  • Introduction
  • About this Book
  • A Hands-on Approach
  • What's in this Book?
  • A Quick Disclaimer
  • Contents
  • Chapter 1: The Basics of Web Hacking
  • Introduction
  • What Is a Web Application?
  • What You Need to Know About Web Servers
  • What You Need to Know About HTTP
  • HTTP Cycles
  • Noteworthy HTTP Headers
  • Noteworthy HTTP Status Codes
  • The Basics of Web Hacking: Our Approach
  • Our Targets
  • Our Tools
  • Web Apps Touch Every Part of IT
  • Existing Methodologies
  • The Open-Source Security Testing Methodology Manual (OSSTM)
  • Penetration Testing Execution Standard (PTES)
  • Making Sense of Existing Methodologies
  • Most Common Web Vulnerabilities
  • Injection
  • Cross-site Scripting (XSS)
  • Broken Authentication and Session Management
  • Cross-site Request Forgery
  • Security Misconfiguration
  • Setting Up a Test Environment
  • Target Web Application
  • Installing the Target Web Application
  • Configuring the Target Web Application
  • DVWA Install Script
  • Chapter 2: Web Server Hacking
  • Introduction
  • Reconnaissance
  • Learning About the Web Server
  • The Robots.txt File
  • Port Scanning
  • Nmap
  • Updating Nmap
  • Running Nmap
  • Nmap Scripting Engine (NSE)
  • Vulnerability Scanning
  • Nessus
  • Installing Nessus
  • Configuring Nessus
  • Running Nessus
  • Reviewing Nessus Results
  • Nikto
  • Exploitation
  • Basics of Metasploit
  • Search
  • Use
  • Show Payloads
  • Set Payload
  • Show Options
  • Set Option
  • Exploit
  • Maintaining Access
  • Chapter 3: Web Application Recon and Scanning
  • Introduction
  • Web Application Recon
  • Basics of a Web Proxy
  • Burp Suite
  • Configuring Burp Proxy
  • Spidering with Burp
  • Automated Spidering
  • Manual Spidering
  • Running Burp Spider
  • Web Application Scanning
  • What a Scanner Will Find
  • What a Scanner Won't Find
  • Scanning with ZED Attack Proxy (ZAP)
  • Configuring ZAP
  • Running ZAP
  • Reviewing ZAP Results
  • ZAP Brute Force
  • Scanning with Burp Scanner
  • Configuring Burp Scanner
  • Running Burp Scanner
  • Reviewing Burp Scanner Results
  • Chapter 4: Web Application Exploitation with Injection
  • Introduction
  • SQL Injection Vulnerabilities
  • SQL Interpreter
  • SQL for Hackers
  • SQL Injection Attacks
  • Finding the Vulnerability
  • Bypassing Authentication
  • Extracting Additional Information
  • Harvesting Password Hashes
  • Offline Password Cracking
  • sqlmap
  • Operating System Command Injection Vulnerabilities
  • O/S Command Injection for Hackers
  • Operating System Command Injection Attacks
  • Web Shells
  • Chapter 5: Web Application Exploitation with Broken Authentication and Path Traversal
  • Introduction
  • Authentication and Session Vulnerabilities
  • Path Traversal Vulnerabilities
  • Brute Force Authentication Attacks
  • Intercepting the Authentication Attempt
  • Configuring Burp Intruder
  • Intruder Payloads
  • Running Intruder
  • Session Attacks
  • Cracking Cookies
  • Burp Sequencer
  • Other Cookie Attacks
  • Path Traversal Attacks
  • Web Server File Structure
  • Forceful Browsing
  • Chapter 6: Web User Hacking
  • Introduction
  • Cross-Site Scripting (XSS) Vulnerabilities
  • Cross-Site Request Forgery (CSRF) Vulnerabilities
  • XSS Versus CSRF
  • Technical Social Engineering Vulnerabilities
  • Web User Recon
  • Web User Scanning
  • Web User Exploitation
  • Cross-Site Scripting (XSS) Attacks
  • XSS Payloads
  • Reflected XSS Attacks
  • Intercepting the Server Response
  • Encoding XSS Payloads
  • XSS in URL Address Bar
  • XSS Attacks on Session Identifiers
  • Stored XSS Attacks
  • Persistence of Stored XSS
  • Cross-Site Request Forgery (CSRF) Attacks
  • User Attack Frameworks
  • Social-Engineer Toolkit (SET)
  • Other Notable User Attack Frameworks
  • Chapter 7: Fixes
  • Introduction
  • Web Server Fixes
  • Server Hardening
  • Generic Error Messages
  • Web Application Fixes
  • Injection Fixes
  • Broken Authentication and Session Management Fixes
  • Authentication
  • Session Management
  • Path Traversal Fixes
  • Web User Fixes
  • The XSS Prevention Cheat Sheet
  • Input Validation Cheat Sheet
  • Code Defenses for XSS
  • Browser Defenses for XSS
  • The CSRF Prevention Cheat Sheet
  • More CSRF Defenses
  • Technical Social Engineering Fixes
  • Chapter 8: Next Steps
  • Introduction
  • Security Community Groups and Events
  • Formal Education
  • Certifications
  • Additional Books
  • Index