Practical Web Penetration Testing : Secure Web Applications Using Burp Suite, Nmap, Metasploit, and More.

Web applications are the core of any business today, and the need for specialized application security experts keeps growing. Using this book, you will learn application security testing and understand how to analyze a web application, conduct a web intrusion test, and a networ...

Bibliographic Details
Classification: Electronic book
Main author: Khawaja, Gus
Format: Electronic eBook
Language: English
Published: Birmingham : Packt Publishing Ltd, 2018.
Subjects:
Online access: Full text
Table of Contents:
  • Cover; Title Page; Copyright and Credits; Packt Upsell; Contributors; Table of Contents; Preface; Chapter 1: Building a Vulnerable Web Application Lab; Downloading Mutillidae; Installing Mutillidae on Windows; Downloading and installing XAMPP; Mutillidae installation; Installing Mutillidae on Linux; Downloading and installing XAMPP; Mutillidae installation; Using Mutillidae; User registration; Showing hints and setting security levels; Application reset; OWASP Top 10; Summary; Chapter 2: Kali Linux Installation; Introducing Kali Linux; Installing Kali Linux from scratch.
  • Installing Kali on VMware; Installing Kali on VirtualBox; Bridged versus NAT versus Internal Network; Updating Kali Linux; Summary; Chapter 3: Delving Deep into the Usage of Kali Linux; The Kali filesystem structure; Handling applications and packages; The Advanced Packaging Tool; Debian's package management system; Using dpkg commands; Handling the filesystem in Kali; File compression commands; Security management; Secure shell protocol; Configuring network services in Kali; Setting a static IP on Kali; Checking active connections in Kali; Process management commands; Htop utility.
  • Popular commands for process management; System info commands; Summary; Chapter 4: All About Using Burp Suite; An introduction to Burp Suite; A quick example; Visualizing the application structure using Burp Target; Intercepting the requests/responses using Burp Proxy; Setting the proxy in your browser; BURP SSL certificate; Burp Proxy options; Crawling the web application using Burp Spider; Manually crawling by using the Intruder tool; Automated crawling and finding hidden spots; Looking for web vulnerabilities using the scanner; Replaying web requests using the Repeater tab.
  • Fuzzing web requests using the Intruder tab; Intruder attack types; Practical examples; Installing third-party apps using Burp Extender; Summary; Chapter 5: Understanding Web Application Vulnerabilities; File Inclusion; Local File Inclusion; Remote File Inclusion; Cross-Site Scripting; Reflected XSS; Stored XSS; Exploiting stored XSS using the header; DOM XSS; JavaScript validation; Cross-Site Request Forgery; Step 01 - victim; Step 02 - attacker; Results; SQL Injection; Authentication bypass; Extracting the data from the database; Error-based SQLi enumeration; Blind SQLi; Command Injection.
  • OWASP Top 10; 1 - Injection; 2 - Broken Authentication; 3 - Sensitive Data; 4 - XML External Entities; 5 - Broken Access Control; 6 - Security Misconfiguration; 7 - Cross-Site Scripting (XSS); 8 - Insecure Deserialization; 9 - Using Components with Known Vulnerabilities; 10 - Insufficient Logging & Monitoring; Summary; Chapter 6: Application Security Pre-Engagement; Introduction; The first meeting; The day of the meeting with the client; Non-Disclosure Agreement; Kick-off meeting; Time and cost estimation; Statement of work; Penetration Test Agreement; External factors; Summary.