Kali Linux Web Penetration Testing Cookbook - Second Edition

Book Description

Discover the most common web vulnerabilities and prevent them from becoming a threat to your site's security

Key Features

  • Familiarize yourself with the most common web vulnerabilities
  • Conduct a preliminary assessment of attack surfaces and run exploits in your lab
  • Explore new tools in the Kali Linux ecosystem for web penetration testing

Book Description

Web applications are a huge point of attack for malicious hackers and a critical area for security professionals and penetration testers to lock down and secure. Kali Linux is a Linux-based penetration testing platform that provides a broad array of testing tools, many of which can be used to execute web penetration testing.

Kali Linux Web Penetration Testing Cookbook gives you the skills you need to cover every stage of a penetration test – from gathering information about the system and application, to identifying vulnerabilities through manual testing. You will also cover the use of vulnerability scanners and look at basic and advanced exploitation techniques that may lead to a full system compromise. You will start by setting up a testing laboratory, exploring the latest features of tools included in Kali Linux and performing a wide range of tasks with OWASP ZAP, Burp Suite and other web proxies and security testing tools.

As you make your way through the book, you will learn how to use automated scanners to find security ?aws in web applications and understand how to bypass basic security controls. In the concluding chapters, you will look at what you have learned in the context of the Open Web Application Security Project (OWASP) and the top 10 web application vulnerabilities you are most likely to encounter, equipping you with the ability to combat them effectively.

By the end of this book, you will have acquired the skills you need to identify, exploit, and prevent web application vulnerabilities.

What you will learn

  • Set up a secure penetration testing laboratory
  • Use proxies, crawlers, and spiders to investigate an entire website
  • Identify cross-site scripting and client-side vulnerabilities
  • Exploit vulnerabilities that allow the insertion of code into web applications
  • Exploit vulnerabilities that require complex setups
  • Improve testing efficiency using automated vulnerability scanners
  • Learn how to circumvent security controls put in place to prevent attacks

Who this book is for

Kali Linux Web Penetration Testing Cookbook is for IT professionals, web developers, security enthusiasts, and security professionals who want an accessible reference on how to find, exploit, and prevent security vulnerabilities in web applications. The basics of operating a Linux environment and prior exposure to security technologies and tools are necessary.

Downloading the example code for this book You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

Publisher Resources

Download Example Code

Table of Contents

  1. Title Page
  2. Copyright and Credits
    1. Kali Linux Web Penetration Testing Cookbook Second Edition
  3. Packt Upsell
    1. Why subscribe?
    2. PacktPub.com
  4. Contributors
    1. About the author
    2. About the reviewer
    3. Packt is searching for authors like you
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the example code files
      2. Download the color images
      3. Conventions used
    4. Sections
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    5. Get in touch
      1. Reviews
    6. Disclaimer
  6. Setting Up Kali Linux and the Testing Lab
    1. Introduction
    2. Installing VirtualBox on Windows and Linux
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    3. Creating a Kali Linux virtual machine
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    4. Updating and upgrading Kali Linux
      1. How to do it...
      2. How it works...
    5. Configuring the web browser for penetration testing
      1. How to do it...
      2. How it works...
      3. See also
    6. Creating a client virtual machine
      1. How to do it...
      2. How it works...
      3. See also
    7. Configuring virtual machines for correct communication
      1. Getting ready
      2. How to do it...
      3. How it works...
    8. Getting to know web applications on a vulnerable virtual machine
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
  7. Reconnaissance
    1. Introduction
    2. Passive reconnaissance
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
    3. Using Recon-ng to gather information
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
    4. Scanning and identifying services with Nmap
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    5. Identifying web application firewalls
      1. How to do it...
      2. How it works...
    6. Identifying HTTPS encryption parameters
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
    7. Using the browser's developer tools to analyze and alter basic behavior
      1. How to do it...
      2. How it works...
      3. There's more...
    8. Obtaining and modifying cookies
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    9. Taking advantage of robots.txt
      1. How to do it...
      2. How it works...
  8. Using Proxies, Crawlers, and Spiders
    1. Introduction
    2. Finding files and folders with DirBuster
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
    3. Finding files and folders with ZAP
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
    4. Using Burp Suite to view and alter requests
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
    5. Using Burp Suite's Intruder to find files and folders
      1. How to do it...
      2. How it works...
    6. Using the ZAP proxy to view and alter requests
      1. How to do it...
      2. How it works...
    7. Using ZAP spider
      1. How to do it...
      2. How it works...
      3. There's more
    8. Using Burp Suite to spider a website
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more
    9. Repeating requests with Burp Suite's repeater
      1. Getting ready
      2. How to do it...
      3. How it works...
    10. Using WebScarab
      1. Getting ready
      2. How to do it...
      3. How it works...
    11. Identifying relevant files and directories from crawling results
      1. How to do it...
      2. How it works...
  9. Testing Authentication and Session Management
    1. Introduction
    2. Username enumeration
      1. Getting ready
      2. How to do it...
      3. How it works...
    3. Dictionary attack on login pages with Burp Suite
      1. How to do it...
      2. How it works...
      3. There's more...
    4. Brute forcing basic authentication with Hydra
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    5. Attacking Tomcat's passwords with Metasploit
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    6. Manually identifying vulnerabilities in cookies
      1. How to do it...
      2. How it works...
      3. There's more...
    7. Attacking a session fixation vulnerability
      1. How to do it...
      2. How it works...
    8. Evaluating the quality of session identifiers with Burp Sequencer
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
    9. Abusing insecure direct object references
      1. Getting ready
      2. How to do it...
      3. How it works...
    10. Performing a Cross-Site Request Forgery attack
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
  10. Cross-Site Scripting and Client-Side Attacks
    1. Introduction
    2. Bypassing client-side controls using the browser
      1. How to do it...
      2. How it works...
      3. See also
    3. Identifying Cross-Site Scripting vulnerabilities
      1. How to do it...
      2. How it works...
      3. There's more...
    4. Obtaining session cookies through XSS
      1. How to do it...
      2. How it works...
      3. See also
    5. Exploiting DOM XSS
      1. How to do it...
      2. How it works...
    6. Man-in-the-Browser attack with XSS and BeEF
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    7. Extracting information from web storage
      1. How to do it...
      2. How it works...
      3. There's more...
    8. Testing WebSockets with ZAP
      1. Getting ready
      2. How to do it...
      3. How it works...
    9. Using XSS and Metasploit to get a remote shell
      1. Getting ready
      2. How to do it...
      3. How it works...
  11. Exploiting Injection Vulnerabilities
    1. Introduction
    2. Looking for file inclusions
      1. How to do it...
      2. How it works...
      3. There's more...
    3. Abusing file inclusions and uploads
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    4. Manually identifying SQL injection
      1. How to do it...
      2. How it works...
      3. There's more...
    5. Step-by-step error-based SQL injections
      1. How to do it...
      2. How it works...
    6. Identifying and exploiting blind SQL injections
      1. How to do it...
      2. How it works...
      3. There's more...
      4. See also
    7. Finding and exploiting SQL injections with SQLMap
      1. How to do it...
      2. How it works...
      3. There's more...
      4. See also
    8. Exploiting an XML External Entity injection
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    9. Detecting and exploiting command injection vulnerabilities
      1. How to do it...
      2. How it works...
  12. Exploiting Platform Vulnerabilities
    1. Introduction
    2. Exploiting Heartbleed vulnerability using Exploit-DB
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    3. Executing commands by exploiting Shellshock
      1. How to do it...
      2. How it works...
      3. There's more...
    4. Creating and capturing a reverse shell with Metasploit
      1. How to do it...
      2. How it works...
    5. Privilege escalation on Linux
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
    6. Privilege escalation on Windows
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
    7. Using Tomcat Manager to execute code
      1. How to do it...
      2. How it works...
    8. Cracking password hashes with John the Ripper by using a dictionary
      1. Getting ready
      2. How to do it...
      3. How it works...
    9. Cracking password hashes via Brute Force using Hashcat
      1. Getting ready
      2. How to do it...
      3. How it works...
  13. Using Automated Scanners
    1. Introduction
    2. Scanning with Nikto
      1. How to do it...
      2. How it works...
    3. Considerations when doing automated scanning
      1. How to do it...
      2. How it works...
    4. Finding vulnerabilities with Wapiti
      1. How to do it...
      2. How it works...
    5. Using OWASP ZAP to scan for vulnerabilities
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    6. Scanning with Skipfish
      1. How to do it...
      2. How it works...
    7. Finding vulnerabilities in WordPress with WPScan
      1. How to do it...
      2. How it works...
    8. Finding vulnerabilities in Joomla with JoomScan
      1. How to do it...
      2. How it works...
    9. Scanning Drupal with CMSmap
      1. Getting ready
      2. How to do it...
      3. How it works...
  14. Bypassing Basic Security Controls
    1. Introduction
    2. Basic input validation bypass in Cross-Site Scripting attacks
      1. How to do it...
      2. How it works...
      3. There's more...
    3. Exploiting Cross-Site Scripting using obfuscated code
      1. How to do it...
      2. How it works...
    4. Bypassing file upload restrictions
      1. How to do it...
      2. How it works...
    5. Avoiding CORS restrictions in web services
      1. Getting ready
      2. How to do it...
      3. How it works...
    6. Using Cross-Site Scripting to bypass CSRF protection and CORS restrictions
      1. How to do it...
      2. How it works...
    7. Exploiting HTTP parameter pollution
      1. How to do it...
      2. How it works...
    8. Exploiting vulnerabilities through HTTP headers
      1. How to do it...
      2. How it works...
  15. Mitigation of OWASP Top 10 Vulnerabilities
    1. Introduction
    2. A1 – Preventing injection attacks
      1. How to do it...
      2. How it works...
      3. See also
    3. A2 – Building proper authentication and session management
      1. How to do it...
      2. How it works...
      3. See also
    4. A3 – Protecting sensitive data
      1. How to do it...
      2. How it works...
    5. A4 – Using XML external entities securely
      1. How to do it...
      2. How it works...
    6. A5 – Securing access control
      1. How to do it...
      2. How it works...
    7. A6 – Basic security configuration guide
      1. How to do it...
      2. How it works...
    8. A7 – Preventing Cross-Site Scripting
      1. How to do it...
      2. How it works...
      3. See also
    9. A8 – Implementing object serialization and deserialization
      1. How to do it...
      2. How it works...
    10. A9 – Where to look for known vulnerabilities on third-party components
      1. How to do it...
      2. How it works...
    11. A10 – Logging and monitoring for web applications' security
      1. How to do it...
      2. How it works...
  16. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think

Product Information

  • Title: Kali Linux Web Penetration Testing Cookbook - Second Edition
  • Author(s): Gilberto Najera-Gutierrez
  • Release date: August 2018
  • Publisher(s): Packt Publishing
  • ISBN: 9781788991513