Kali Linux Web Penetration Testing Cookbook.

Over 80 recipes on how to identify, exploit, and test web application security with Kali Linux 2.

About This Book
  • Familiarize yourself with the most common web vulnerabilities a web application faces, and understand how attackers take advantage of them
  • Set up a penetration testing lab to conduct a pre...

Bibliographic Details
Classification: Electronic book
Main author: Najera-Gutierrez, Gilberto (Author)
Format: Electronic eBook
Language: English
Published: Birmingham : Packt Publishing, Limited Feb. 2016.
Subjects:
Online access: Full text
Table of Contents:
  • Cover
  • Copyright
  • Credits
  • About the Author
  • About the Reviewers
  • www.PacktPub.com
  • Table of Contents
  • Preface
  • Chapter 1: Setting Up Kali Linux
  • Introduction
  • Updating and upgrading Kali Linux
  • Installing and running OWASP Mantra
  • Setting up the Iceweasel browser
  • Installing VirtualBox
  • Creating a vulnerable virtual machine
  • Creating a client virtual machine
  • Configuring virtual machines for correct communication
  • Getting to know web applications on a vulnerable VM
  • Chapter 2: Reconnaissance
  • Introduction
  • Scanning and identifying services with Nmap
  • Identifying a web application firewall
  • Watching the source code
  • Using Firebug to analyze and alter basic behavior
  • Obtaining and modifying cookies
  • Taking advantage of robots.txt
  • Finding files and folders with DirBuster
  • Password profiling with CeWL
  • Using John the Ripper to generate a dictionary
  • Finding files and folders with ZAP
  • Chapter 3: Crawlers and Spiders
  • Introduction
  • Downloading a page for offline analysis with Wget
  • Downloading the page for offline analysis with HTTrack
  • Using ZAP's spider
  • Using Burp Suite to crawl a website
  • Repeating requests with Burp's repeater
  • Using WebScarab
  • Identifying relevant files and directories from crawling results
  • Chapter 4: Finding Vulnerabilities
  • Introduction
  • Using Hackbar add-on to ease parameter probing
  • Using Tamper Data add-on to intercept and modify requests
  • Using ZAP to view and alter requests
  • Using Burp Suite to view and alter requests
  • Identifying cross-site scripting (XSS) vulnerabilities
  • Identifying error-based SQL injection
  • Identifying a blind SQL Injection
  • Identifying vulnerabilities in cookies
  • Obtaining SSL and TLS information with SSLScan
  • Looking for file inclusions
  • Identifying POODLE vulnerability
  • Chapter 5: Automated Scanners
  • Introduction
  • Scanning with Nikto
  • Finding vulnerabilities with Wapiti
  • Using OWASP ZAP to scan for vulnerabilities
  • Scanning with w3af
  • Using Vega scanner
  • Finding Web vulnerabilities with Metasploit's Wmap
  • Chapter 6: Exploitation - Low Hanging Fruits
  • Introduction
  • Abusing file inclusions and uploads
  • Exploiting OS Command Injections
  • Exploiting an XML External Entity Injection
  • Brute-forcing passwords with THC-Hydra
  • Dictionary attacks on login pages with Burp Suite
  • Obtaining session cookies through XSS
  • Step by step basic SQL Injection
  • Finding and exploiting SQL Injections with SQLMap
  • Attacking Tomcat's passwords with Metasploit
  • Using Tomcat Manager to execute code
  • Chapter 7: Advanced Exploitation
  • Introduction
  • Searching Exploit-DB for a web server's vulnerabilities
  • Exploiting Heartbleed vulnerability
  • Exploiting XSS with BeEF
  • Exploiting a Blind SQLi
  • Using SQLMap to get database information
  • Performing a cross-site request forgery attack
  • Executing commands with Shellshock
  • Cracking password hashes with John the Ripper by using a dictionary
  • Cracking password hashes by brute force using oclHashcat/cudaHashcat
  • Chapter 8: Man in the Middle Attacks
  • Introduction
  • Setting up a spoofing attack with Ettercap
  • Being the MITM and capturing traffic with Wireshark
  • Modifying data between the server and the client
  • Setting up an SSL MITM attack
  • Obtaining SSL data with SSLsplit
  • Performing DNS spoofing and redirecting traffic
  • Chapter 9: Client-Side Attacks and Social Engineering
  • Introduction
  • Creating a password harvester with SET
  • Using previously saved pages to create a phishing site
  • Creating a reverse shell with Metasploit and capturing its connections
  • Using Metasploit's browser_autopwn2 to attack a client
  • Attacking with BeEF
  • Tricking the user to go to our fake site
  • Chapter 10: Mitigation of OWASP Top 10
  • Introduction
  • A1 - Preventing injection attacks
  • A2 - Building proper authentication and session management
  • A3 - Preventing cross-site scripting
  • A4 - Preventing Insecure Direct Object References
  • A5 - Basic security configuration guide
  • A6 - Protecting sensitive data
  • A7 - Ensuring function level access control
  • A8 - Preventing CSRF
  • A9 - Where to look for known vulnerabilities on third-party components
  • A10 - Redirect validation
  • Index