book

Kali Linux Penetration Testing Bible

by Gus Khawaja

June 2021

Intermediate to advanced

512 pages

11h 12m

English

Wiley

Read now

Unlock full access

What Does This Book Cover?Companion Download FilesHow to Contact the PublisherHow to Contact the Author
Kali Linux File SystemManaging Users and Groups in KaliFiles and Folders Management in Kali LinuxRemote Connections in KaliKali Linux System ManagementNetworking in Kali LinuxSummary
Basic Bash ScriptingPrinting to the Screen in BashVariablesScript ParametersUser InputFunctionsConditions and LoopsSummary
Basics of NetworkingNetwork ScanningDNS EnumerationSummary
Passive Footprinting and ReconnaissanceSummary
Spear Phishing AttacksPayloads and ListenersSocial Engineering with the USB Rubber DuckySummary
Transfer ProtocolsE‐mail ProtocolsDatabase ProtocolsCI/CD ProtocolsWeb Protocols 80/443Graphical Remoting ProtocolsFile Sharing ProtocolsSummary
Vulnerabilities AssessmentServices ExploitationSummary

Web Application VulnerabilitiesSummary
Web Enumeration and ExploitationSecure Software Development LifecycleSummary
Introduction to Kernel Exploits and Missing ConfigurationsKernel ExploitsSUID ExploitationOverriding the Passwd Users FileCRON Jobs Privilege EscalationsudoersExploiting Running ServicesAutomated ScriptsSummary
Windows System EnumerationFile TransfersWindows System ExploitationSummary
Dumping Windows HashesPivoting with Port RedirectionSummary
Basics of CryptographyCracking Secrets with HashcatSummary
Overview of Reports in Penetration TestingScoring SeveritiesReport PresentationSummary
CPU RegistersAssembly InstructionsData TypesMemory SegmentsAddressing ModesReverse Engineering ExampleSummary
Basics of Stack OverflowStack Overflow ExploitationSummary
Basics of PythonRunning Python ScriptsDebugging Python ScriptsPracticing PythonPython Basic SyntaxesVariablesMore Techniques in PythonSummary
Penetration Test RobotSummary
Downloading and Running a VM of Kali LinuxKali Xfce DesktopSummary
Docker TechnologySummary

Content preview from Kali Linux Penetration Testing Bible

CHAPTER 9Web Penetration Testing and Secure Software Development Lifecycle

This topic deserves a chapter by itself because of its importance. These days, most companies have a website or a web application portal that brings in profits. In this chapter, you will mainly learn about the methodology of web application penetration testing and how to use Burp Suite Pro edition.

In the previous chapter, you learned about the most common web vulnerabilities that you will encounter in your engagements. I encourage you to delve deep into the subject by exploring other references (application security books, online courses, and the OWASP website) to understand the rest of the flaws (e.g., server‐side request forgery, open redirect, and much more).

This chapter covers the following topics:

Web pentesting using Burp Suite Pro
Web application enumeration tools
Web application manual pentest checklist
Secure software development life cycle

Web Enumeration and Exploitation

Burp Suite is an excellent tool to have in your repertoire! It allows you to find tons of web application vulnerabilities, and if you want to be a web penetration tester/bug bounty hunter, then this tool is a must. This section covers the professional edition of Burp Suite, which is not free.

Burp Suite Pro

To summarize this tool in one simple phrase, Burp Suite allows you to use the proxy to intercept and modify the web requests and responses. This tool can scan for web application–based vulnerabilities and much more ...