Cargando…

Improving your Penetration Testing Skills : strengthen your defense against web attacks with Kali Linux and Metasploit /

Evade antiviruses and bypass firewalls with the most widely used penetration testing frameworks Key Features Gain insights into the latest antivirus evasion techniques Set up a complete pentesting environment using Metasploit and virtual machines Discover a variety of tools and techniques that can b...

Descripción completa

Detalles Bibliográficos
Clasificación:Libro Electrónico
Autores principales: Najera-Gutierrez, Gilberto (Autor), Ansari, Juned Ahmed (Autor), Teixeira, Daniel (Autor), Singh, Abhinav (Autor)
Autor Corporativo: Safari, an O'Reilly Media Company
Formato: Electrónico eBook
Idioma:Inglés
Publicado: Birmingham : Packt Publishing, 2019.
Temas:
Acceso en línea:Texto completo
Texto completo
Tabla de Contenidos:
  • Cover; FM; Copyright; About Packt; Contributors; Table of Contents; Preface; Chapter 1: Introduction to Penetration Testing and Web Applications; Proactive security testing; Different testing methodologies; Ethical hacking; Penetration testing; Vulnerability assessment; Security audits; Considerations when performing penetration testing; Rules of Engagement; The type and scope of testing; Client contact details; Client IT team notifications; Sensitive data handling; Status meeting and reports; The limitations of penetration testing; The need for testing web applications
  • Reasons to guard against attacks on web applicationsKali Linux; A web application overview for penetration testers; HTTP protocol; Knowing an HTTP request and response; The request header; The response header; HTTP methods; The GET method; The POST method; The HEAD method; The TRACE method; The PUT and DELETE methods; The OPTIONS method; Keeping sessions in HTTP; Cookies; Cookie flow between server and client; Persistent and nonpersistent cookies; Cookie parameters; HTML data in HTTP response; The server-side code; Multilayer web application; Three-layer web application design; Web services
  • Introducing SOAP and REST web servicesHTTP methods in web services; XML and JSON; AJAX; Building blocks of AJAX; The AJAX workflow; HTML5; WebSockets; Chapter 2: Setting Up Your Lab with Kali Linux; Kali Linux; Latest improvements in Kali Linux; Installing Kali Linux; Virtualizing Kali Linux versus installing it on physical hardware; Installing on VirtualBox; Creating the virtual machine; Installing the system; Important tools in Kali Linux; CMS & Framework Identification; WPScan; JoomScan; CMSmap; Web Application Proxies; Burp Proxy; Customizing client interception
  • Modifying requests on the flyBurp Proxy with HTTPS websites; Zed Attack Proxy; ProxyStrike; Web Crawlers and Directory Bruteforce; DIRB; DirBuster; Uniscan; Web Vulnerability Scanners; Nikto; w3af; Skipfish; Other tools; OpenVAS; Database exploitation; Web application fuzzers; Using Tor for penetration testing; Vulnerable applications and servers to practice on; OWASP Broken Web Applications; Hackazon; Web Security Dojo; Other resources; Chapter 3: Reconnaissance and Profiling the Web Server; Reconnaissance; Passive reconnaissance versus active reconnaissance; Information gathering
  • Domain registration detailsWhois
  • extracting domain information; Identifying related hosts using DNS; Zone transfer using dig; DNS enumeration; DNSEnum; Fierce; DNSRecon; Brute force DNS records using Nmap; Using search engines and public sites to gather information; Google dorks; Shodan; the Harvester; Maltego; Recon-ng
  • a framework for information gathering; Domain enumeration using Recon-ng; Sub-level and top-level domain enumeration; Reporting modules; Scanning
  • probing the target; Port scanning using Nmap; Different options for port scan; Evading firewalls and IPS using Nmap