Cargando…
Improving your Penetration Testing Skills : strengthen your defense against web attacks with Kali Linux and Metasploit /
Evade antiviruses and bypass firewalls with the most widely used penetration testing frameworks Key Features Gain insights into the latest antivirus evasion techniques Set up a complete pentesting environment using Metasploit and virtual machines Discover a variety of tools and techniques that can b...
| Clasificación: | Libro Electrónico |
|---|---|
| Autores principales: | , , , |
| Autor Corporativo: | |
| Formato: | Electrónico eBook |
| Idioma: | Inglés |
| Publicado: |
Birmingham :
Packt Publishing,
2019.
|
| Temas: | |
| Acceso en línea: | Texto completo (Requiere registro previo con correo institucional) |
Tabla de Contenidos:
- Cover; FM; Copyright; About Packt; Contributors; Table of Contents; Preface; Chapter 1: Introduction to Penetration Testing and Web Applications; Proactive security testing; Different testing methodologies; Ethical hacking; Penetration testing; Vulnerability assessment; Security audits; Considerations when performing penetration testing; Rules of Engagement; The type and scope of testing; Client contact details; Client IT team notifications; Sensitive data handling; Status meeting and reports; The limitations of penetration testing; The need for testing web applications
- Reasons to guard against attacks on web applicationsKali Linux; A web application overview for penetration testers; HTTP protocol; Knowing an HTTP request and response; The request header; The response header; HTTP methods; The GET method; The POST method; The HEAD method; The TRACE method; The PUT and DELETE methods; The OPTIONS method; Keeping sessions in HTTP; Cookies; Cookie flow between server and client; Persistent and nonpersistent cookies; Cookie parameters; HTML data in HTTP response; The server-side code; Multilayer web application; Three-layer web application design; Web services
- Introducing SOAP and REST web servicesHTTP methods in web services; XML and JSON; AJAX; Building blocks of AJAX; The AJAX workflow; HTML5; WebSockets; Chapter 2: Setting Up Your Lab with Kali Linux; Kali Linux; Latest improvements in Kali Linux; Installing Kali Linux; Virtualizing Kali Linux versus installing it on physical hardware; Installing on VirtualBox; Creating the virtual machine; Installing the system; Important tools in Kali Linux; CMS & Framework Identification; WPScan; JoomScan; CMSmap; Web Application Proxies; Burp Proxy; Customizing client interception
- Modifying requests on the flyBurp Proxy with HTTPS websites; Zed Attack Proxy; ProxyStrike; Web Crawlers and Directory Bruteforce; DIRB; DirBuster; Uniscan; Web Vulnerability Scanners; Nikto; w3af; Skipfish; Other tools; OpenVAS; Database exploitation; Web application fuzzers; Using Tor for penetration testing; Vulnerable applications and servers to practice on; OWASP Broken Web Applications; Hackazon; Web Security Dojo; Other resources; Chapter 3: Reconnaissance and Profiling the Web Server; Reconnaissance; Passive reconnaissance versus active reconnaissance; Information gathering
- Domain registration detailsWhois
- extracting domain information; Identifying related hosts using DNS; Zone transfer using dig; DNS enumeration; DNSEnum; Fierce; DNSRecon; Brute force DNS records using Nmap; Using search engines and public sites to gather information; Google dorks; Shodan; the Harvester; Maltego; Recon-ng
- a framework for information gathering; Domain enumeration using Recon-ng; Sub-level and top-level domain enumeration; Reporting modules; Scanning
- probing the target; Port scanning using Nmap; Different options for port scan; Evading firewalls and IPS using Nmap