Learning Python web penetration testing : automate web penetration testing activities using Phyton / Christian Martorella.

Format:

Book

Author/Creator:

Martorella, Christian, author.

Language:

English

Subjects (All):

Python (Computer program language).

Penetration testing (Computer security).

Teste Extensão local.

Physical Description:

1 online resource (132 pages)

Edition:

1st edition

Place of Publication:

Birmingham : Packt, 2018.

System Details:

text file

Biography/History:

Martorella Christian: Christian Martorella has been working in the field of information security for the last 18 years and is currently leading the product security team for Skyscanner. Earlier, he was the principal program manager in the Skype product security team at Microsoft. His current focus is security engineering and automation. He has contributed to open source security testing tools such as Wfuzz, theHarvester, and Metagoofil, all included in Kali, the penetration testing Linux distribution.

Summary:

Leverage the simplicity of Python and available libraries to build web security testing tools for your application About This Book Understand the web application penetration testing methodology and toolkit using Python Write a web crawler/spider with the Scrapy library Detect and exploit SQL injection vulnerabilities by creating a script all by yourself Who This Book Is For Learning Python Web Penetration Testing is for web developers who want to step into the world of web application security testing. Basic knowledge of Python is necessary. What You Will Learn Interact with a web application using the Python and Requests libraries Create a basic web application crawler and make it recursive Develop a brute force tool to discover and enumerate resources such as files and directories Explore different authentication methods commonly used in web applications Enumerate table names from a database using SQL injection Understand the web application penetration testing methodology and toolkit In Detail Web penetration testing is the use of tools and code to attack a website or web app in order to assess its vulnerability to external threats. While there are an increasing number of sophisticated, ready-made tools to scan systems for vulnerabilities, the use of Python allows you to write system-specific scripts, or alter and extend existing testing tools to find, exploit, and record as many security weaknesses as possible. Learning Python Web Penetration Testing will walk you through the web application penetration testing methodology, showing you how to write your own tools with Python for each activity throughout the process. The book begins by emphasizing the importance of knowing how to write your own tools with Python for web application penetration testing. You will then learn to interact with a web application using Python, understand the anatomy of an HTTP request, URL, headers and message body, and later create a script to perform a request, and interpret the response and its headers. As you make your way through the book, you will write a web crawler using Python and the Scrappy library. The book will also help you to develop a tool to perform brute force attacks in different parts of the web application. You will then discover more on detecting and exploiting SQL injection vulnerabilities. By the end of this book, you will have successfully created an HTTP proxy based on the mitmproxy tool. Style and approach A easy-to-follow guide that wil...

Contents:

Cover

Title Page

Copyright and Credits

Packt Upsell

Contributor

Table of Contents

Preface

Chapter 1: Introduction to Web Application Penetration Testing

Understanding the web application penetration testing process

Typical web application toolkit

HTTP Proxy

Crawlers and spiders

Vulnerability scanners

Brute forces/predictable resource locators

Specific task tools

Testing environment

Summary

Chapter 2: Interacting with Web Applications

HTTP protocol basics

What is HTTP and how it works?

Anatomy of an HTTP request

HTTP headers

GET request

Interacting with a web app using the requests library

Requests library

Our first script

Setting headers

Analyzing HTTP responses

HTTP codes

Chapter 3: Web Crawling with Scrapy - Mapping the Application

Web application mapping

Creating our own crawler/spider with Scrapy

Starting with Scrapy

Making our crawler recursive

Scraping interesting stuff

Chapter 4: Resources Discovery

What is resource discovery?

Building our first BruteForcer

Analysing the results

Adding more information

Entering the hash of the response content

Taking screenshots of the findings

Chapter 5: Password Testing

How password attacks work

Password cracking

Password policies and account locking

Our first password BruteForcer

Basic authentication

Creating the password cracker

Adding support for digest authentication

What is digest authentication?

Adding digest authentication to our script

Form-based authentication

Form-based authentication overview

Chapter 6: Detecting and Exploiting SQL Injection Vulnerabilities

Introduction to SQL injection

SQLi versus blind SQLi

Detecting SQL injection issues

Methods for detecting SQLi.

Automating the detection

Exploiting a SQL injection to extract data

What data can we extract with an SQLi?

Automating basic extractions

Advanced SQLi exploiting

Chapter 7: Intercepting HTTP Requests

HTTP proxy anatomy

What is an HTTP proxy?

Why do we need a proxy?

Types of HTTP proxy

Introduction to mitmproxy

Why mitmproxy?

Manipulating HTTP requests

Inline scripts

Automating SQLi in mitmproxy

SQLi process

Other Books You May Enjoy

Index.

Notes:

Description based on print version record.

ISBN:

9781789539677

1789539676

OCLC:

1043620514