Practical Web Penetration Testing

Practical Web Penetration Testing

by Gus Khawaja
Released June 2018
Publisher(s): Packt Publishing
ISBN: 9781788624039

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

Learn how to execute web application penetration testing end-to-end

About This Book
  • Build an end-to-end threat model landscape for web application security
  • Learn both web application vulnerabilities and web intrusion testing
  • Associate network vulnerabilities with a web application infrastructure
Who This Book Is For

Practical Web Penetration Testing is for you if you are a security professional, penetration tester, or stakeholder who wants to execute penetration testing using the latest and most popular tools. Basic knowledge of ethical hacking would be an added advantage.

What You Will Learn
  • Learn how to use Burp Suite effectively
  • Use Nmap, Metasploit, and more tools for network infrastructure tests
  • Practice using all web application hacking tools for intrusion tests using Kali Linux
  • Learn how to analyze a web application using application threat modeling
  • Know how to conduct web intrusion tests
  • Understand how to execute network infrastructure tests
  • Master automation of penetration testing functions for maximum efficiency using Python
In Detail

Companies all over the world want to hire professionals dedicated to application security. Practical Web Penetration Testing focuses on this very trend, teaching you how to conduct application security testing using real-life scenarios.

To start with, you'll set up an environment to perform web application penetration testing. You will then explore different penetration testing concepts such as threat modeling, intrusion test, infrastructure security threat, and more, in combination with advanced concepts such as Python scripting for automation. Once you are done learning the basics, you will discover end-to-end implementation of tools such as Metasploit, Burp Suite, and Kali Linux. Many companies deliver projects into production by using either Agile or Waterfall methodology. This book shows you how to assist any company with their SDLC approach and helps you on your journey to becoming an application security specialist.

By the end of this book, you will have hands-on knowledge of using different tools for penetration testing.

Style and approach

In this book, you will learn and understand the workflow of application security testing. Starting from analysis using threat modeling until the testing phase and before the web project goes into production, you will be able conduct effective penetrating testing using web intrusion tests , network infrastructure tests, and code review.

Table of contents

  1. Title Page
  2. Copyright and Credits
    1. Practical Web Penetration Testing
  3. Packt Upsell
    1. Why subscribe?
    2. PacktPub.com
  4. Contributors
    1. About the author
    2. About the reviewer
    3. Packt is searching for authors like you
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the example code files
      2. Download the color images
      3. Conventions used
    4. Get in touch
      1. Reviews
    5. Disclaimer
  6. Building a Vulnerable Web Application Lab
    1. Downloading Mutillidae
    2. Installing Mutillidae on Windows
      1. Downloading and installing XAMPP
      2. Mutillidae installation
    3. Installing Mutillidae on Linux
      1. Downloading and installing XAMPP
      2. Mutillidae installation
    4. Using Mutillidae
      1. User registration
      2. Showing hints and setting security levels
      3. Application reset
      4. OWASP Top 10
    5. Summary
  7. Kali Linux Installation
    1. Introducing Kali Linux
    2. Installing Kali Linux from scratch
    3. Installing Kali on VMware
    4. Installing Kali on VirtualBox
    5. Bridged versus NAT versus Internal Network
    6. Updating Kali Linux
    7. Summary
  8. Delving Deep into the Usage of Kali Linux
    1. The Kali filesystem structure
    2. Handling applications and packages
      1. The Advanced Packaging Tool
      2. Debian's package management system
        1. Using dpkg commands
    3. Handling the filesystem in Kali
      1. File compression commands
    4. Security management
    5. Secure shell protocol
    6. Configuring network services in Kali
      1. Setting a static IP on Kali
      2. Checking active connections in Kali
    7. Process management commands
      1. Htop utility
      2. Popular commands for process management
    8. System info commands
    9. Summary
  9. All About Using Burp Suite
    1. An introduction to Burp Suite
    2. A quick example
    3. Visualizing the application structure using Burp Target
    4. Intercepting the requests/responses using Burp Proxy
      1. Setting the proxy in your browser
      2. BURP SSL certificate
      3. Burp Proxy options
    5. Crawling the web application using Burp Spider
      1. Manually crawling by using the Intruder tool
      2. Automated crawling and finding hidden spots
    6. Looking for web vulnerabilities using the scanner
    7. Replaying web requests using the Repeater tab
    8. Fuzzing web requests using the Intruder tab
      1. Intruder attack types
      2. Practical examples
    9. Installing third-party apps using Burp Extender
    10. Summary
  10. Understanding Web Application Vulnerabilities
    1. File Inclusion
      1. Local File Inclusion
      2. Remote File Inclusion
    2. Cross-Site Scripting
      1. Reflected XSS
      2. Stored XSS
        1. Exploiting stored XSS using the header
      3. DOM XSS
      4. JavaScript validation
    3. Cross-Site Request Forgery
      1. Step 01 – victim
      2. Step 02 – attacker
      3. Results
    4. SQL Injection
      1. Authentication bypass
      2. Extracting the data from the database
        1. Error-based SQLi enumeration
        2. Blind SQLi
    5. Command Injection
    6. OWASP Top 10
      1. 1 – Injection
      2. 2 – Broken Authentication
      3. 3 – Sensitive Data
      4. 4 – XML External Entities
      5. 5 – Broken Access Control
      6. 6 – Security Misconfiguration
      7. 7 – Cross-Site Scripting (XSS)
      8. 8 – Insecure Deserialization
      9. 9 – Using Components with Known Vulnerabilities
      10. 10 – Insufficient Logging & Monitoring
    7. Summary
  11. Application Security Pre-Engagement
    1. Introduction
    2. The first meeting
      1. The day of the meeting with the client
    3. Non-Disclosure Agreement
    4. Kick-off meeting
    5. Time and cost estimation
    6. Statement of work
    7. Penetration Test Agreement
    8. External factors
    9. Summary
  12. Application Threat Modeling
    1. Software development life cycle
    2. Application Threat Modeling at a glance
    3. Application Threat Modeling in real life
    4. Application Threat Modeling document parts
      1. Data Flow Diagram
      2. External dependencies
      3. Trust levels
      4. Entry points
      5. Assets
      6. Test strategies
      7. Security risks
    5. Practical example
      1. xBlog Threat Modeling
        1. Scope
        2. Threat Modeling
        3. Project information
        4. Data Flow Diagram
        5. External dependencies
        6. Trust levels
        7. Entry points
        8. Assets
        9. Threats list
          1. Spoofing – authentication
          2. Tampering – integrity
          3. Repudiation
          4. Information disclosure – confidentiality
          5. Denial of service – availability
          6. Elevation of privilege – authorization
        10. Test strategies
    6. Summary
  13. Source Code Review
    1. Programming background
    2. Enterprise secure coding guidelines
    3. Static code analysis – manual scan versus automatic scan
    4. Secure coding checklist
    5. Summary
  14. Network Penetration Testing
    1. Passive information gathering – reconnaissance – OSINT
      1. Web search engines
      2. Google Hacking Database – Google dorks
      3. Online tools
      4. Kali Linux tools
        1. WHOIS lookup
        2. Domain name system – DNS enumeration
        3. Gathering email addresses
    2. Active information gathering – services enumeration
      1. Identifying live hosts
      2. Identifying open ports/services
      3. Service probing and enumeration
    3. Vulnerability assessment
      1. OpenVas
    4. Exploitation
      1. Finding exploits
      2. Listener setup
      3. Generating a shell payload using msfvenom
        1. Custom shells
    5. Privilege escalation
      1. File transfers
        1. Using PowerShell
        2. Using VBScript
      2. Administrator or root
    6. Summary
  15. Web Intrusion Tests
    1. Web Intrusion Test workflow
    2. Identifying hidden contents
    3. Common web page checklist
    4. Special pages checklist
    5. Reporting
      1. Common Vulnerability Scoring System – CVSS
        1. First case – SQLi
        2. Second case – Reflected XSS
      2. Report template
    6. Summary
  16. Pentest Automation Using Python
    1. Python IDE
      1. Downloading and installing PyCharm
      2. PyCharm quick overview
    2. Penetration testing automation
      1. Automate.py in action
      2. Utility functions
      3. Service enumeration
      4. DTO service class
      5. The scanner core
    3. Summary
  17. Nmap Cheat Sheet
    1. Target specification
    2. Host discovery
    3. Scan types and service versions
    4. Port specification and scan order
    5. Script scan
    6. Timing and performance
    7. Firewall/IDS evasion and spoofing
    8. Output
  18. Metasploit Cheat Sheet
    1. Metasploit framework
      1. Using the database
        1. More database-related commands
      2. Getting around
      3. Using modules
      4. Miscellaneous
      5. msfvenom
      6. Listener scripting
      7. Meterpreter
  19. Netcat Cheat Sheet
    1. Netcat command flags
    2. Practical examples
  20. Networking Reference Section
    1. Network subnets
    2. Port numbers and services
  21. Python Quick Reference
    1. Quick Python language overview
      1. Basics of Python
      2. Operators
        1. Arithmetic calculation operators
        2. Assignment operators
        3. Comparison operators
        4. Membership and identity operators
        5. Binary operators
      3. Making an if decision
      4. Variables
        1. Strings
          1. Escape String Characters
        2. Numbers
        3. Lists
        4. Tuples
        5. Dictionary
      5. Miscellaneous
  22. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think

Product information

  • Title: Practical Web Penetration Testing
  • Author(s): Gus Khawaja
  • Release date: June 2018
  • Publisher(s): Packt Publishing
  • ISBN: 9781788624039