Web penetration testing with Kali Linux : explore the methods and tools of ethical hacking with Kali Linux / Gilberto Najera-Gutierrez, Juned Ahmed Ansar.

Format:

Book

Author/Creator:

Najera-Gutierrez, Gilberto, author.

Ansar, Juned Ahmed, author.

Language:

English

Subjects (All):

Kali Linux.

Penetration testing (Computer security).

Physical Description:

1 online resource (426 pages)

Edition:

Third edition.

Place of Publication:

Birmingham, [England] ; Mumbai, [India] : Packt Publishing, 2018.

System Details:

text file

Summary:

Build your defense against web attacks with Kali Linux, including command injection flaws, crypto implementation layers, and web application security holes About This Book Know how to set up your lab with Kali Linux Discover the core concepts of web penetration testing Get the tools and techniques you need with Kali Linux Who This Book Is For Since this book sets out to cover a large number of tools and security fields, it can work as an introduction to practical security skills for beginners in security. In addition, web programmers and also system administrators would benefit from this rigorous introduction to web penetration testing. Basic system administration skills are necessary, and the ability to read code is a must. What You Will Learn Learn how to set up your lab with Kali Linux Understand the core concepts of web penetration testing Get to know the tools and techniques you need to use with Kali Linux Identify the difference between hacking a web application and network hacking Expose vulnerabilities present in web servers and their applications using server-side attacks Understand the different techniques used to identify the flavor of web applications See standard attacks such as exploiting cross-site request forgery and cross-site scripting flaws Get an overview of the art of client-side attacks Explore automated attacks such as fuzzing web applications In Detail Web Penetration Testing with Kali Linux - Third Edition shows you how to set up a lab, helps you understand the nature and mechanics of attacking websites, and explains classical attacks in great depth. This edition is heavily updated for the latest Kali Linux changes and the most recent attacks. Kali Linux shines when it comes to client-side attacks and fuzzing in particular. From the start of the book, you'll be given a thorough grounding in the concepts of hacking and penetration testing, and you'll see the tools used in Kali Linux that relate to web application hacking. You'll gain a deep understanding of classicalSQL, command-injection flaws, and the many ways to exploit these flaws. Web penetration testing also needs a general overview of client-side attacks, which is rounded out by a long discussion of scripting and input validation flaws. There is also an important chapter on cryptographic implementation flaws, where we discuss the most recent problems with cryptographic layers in the networking stack. The importance of these attacks cannot be overstated, and defe...

Contents:

Cover

Title Page

Copyright and Credits

Dedication

Packt Upsell

Contributors

Table of Contents

Preface

Chapter 1: Introduction to Penetration Testing and Web Applications

Proactive security testing

Different testing methodologies

Ethical hacking

Penetration testing

Vulnerability assessment

Security audits

Considerations when performing penetration testing

Rules of Engagement

The type and scope of testing

Client contact details

Client IT team notifications

Sensitive data handling

Status meeting and reports

The limitations of penetration testing

The need for testing web applications

Reasons to guard against attacks on web applications

Kali Linux

A web application overview for penetration testers

HTTP protocol

Knowing an HTTP request and response

The request header

The response header

HTTP methods

The GET method

The POST method

The HEAD method

The TRACE method

The PUT and DELETE methods

The OPTIONS method

Keeping sessions in HTTP

Cookies

Cookie flow between server and client

Persistent and nonpersistent cookies

Cookie parameters

HTML data in HTTP response

The server-side code

Multilayer web application

Three-layer web application design

Web services

Introducing SOAP and REST web services

HTTP methods in web services

XML and JSON

AJAX

Building blocks of AJAX

The AJAX workflow

HTML5

WebSockets

Summary

Chapter 2: Setting Up Your Lab with Kali Linux

Latest improvements in Kali Linux

Installing Kali Linux

Virtualizing Kali Linux versus installing it on physical hardware

Installing on VirtualBox

Creating the virtual machine

Installing the system

Important tools in Kali Linux

CMS &amp

Framework Identification

WPScan

JoomScan

CMSmap.

Web Application Proxies

Burp Proxy

Customizing client interception

Modifying requests on the fly

Burp Proxy with HTTPS websites

Zed Attack Proxy

ProxyStrike

Web Crawlers and Directory Bruteforce

DIRB

DirBuster

Uniscan

Web Vulnerability Scanners

Nikto

w3af

Skipfish

Other tools

OpenVAS

Database exploitation

Web application fuzzers

Using Tor for penetration testing

Vulnerable applications and servers to practice on

OWASP Broken Web Applications

Hackazon

Web Security Dojo

Other resources

Chapter 3: Reconnaissance and Profiling the Web Server

Reconnaissance

Passive reconnaissance versus active reconnaissance

Information gathering

Domain registration details

Whois - extracting domain information

Identifying related hosts using DNS

Zone transfer using dig

DNS enumeration

DNSEnum

Fierce

DNSRecon

Brute force DNS records using Nmap

Using search engines and public sites to gather information

Google dorks

Shodan

theHarvester

Maltego

Recon-ng - a framework for information gathering

Domain enumeration using Recon-ng

Sub-level and top-level domain enumeration

Reporting modules

Scanning - probing the target

Port scanning using Nmap

Different options for port scan

Evading firewalls and IPS using Nmap

Identifying the operating system

Profiling the server

Identifying virtual hosts

Locating virtual hosts using search engines

Identifying load balancers

Cookie-based load balancer

Other ways of identifying load balancers

Application version fingerprinting

The Nmap version scan

The Amap version scan

Fingerprinting the web application framework

The HTTP header

The WhatWeb scanner

Scanning web servers for vulnerabilities and misconfigurations.

Identifying HTTP methods using Nmap

Testing web servers using auxiliary modules in Metasploit

Identifying HTTPS configuration and issues

OpenSSL client

Scanning TLS/SSL configuration with SSLScan

Scanning TLS/SSL configuration with SSLyze

Testing TLS/SSL configuration using Nmap

Spidering web applications

Burp Spider

Application login

Directory brute forcing

ZAP's forced browse

Chapter 4: Authentication and Session Management Flaws

Authentication schemes in web applications

Platform authentication

Basic

Digest

NTLM

Kerberos

HTTP Negotiate

Drawbacks of platform authentication

Form-based authentication

Two-factor Authentication

OAuth

Session management mechanisms

Sessions based on platform authentication

Session identifiers

Common authentication flaws in web applications

Lack of authentication or incorrect authorization verification

Username enumeration

Discovering passwords by brute force and dictionary attacks

Attacking basic authentication with THC Hydra

Attacking form-based authentication

Using Burp Suite Intruder

Using THC Hydra

The password reset functionality

Recovery instead of reset

Common password reset flaws

Vulnerabilities in 2FA implementations

Detecting and exploiting improper session management

Using Burp Sequencer to evaluate the quality of session IDs

Predicting session IDs

Session Fixation

Preventing authentication and session attacks

Authentication guidelines

Session management guidelines

Chapter 5: Detecting and Exploiting Injection-Based Flaws

Command injection

Identifying parameters to inject data

Error-based and blind command injection

Metacharacters for command separator

Exploiting shellshock

Getting a reverse shell.

Exploitation using Metasploit

SQL injection

An SQL primer

The SELECT statement

Vulnerable code

SQL injection testing methodology

Extracting data with SQL injection

Getting basic environment information

Blind SQL injection

Automating exploitation

sqlninja

BBQSQL

sqlmap

Attack potential of the SQL injection flaw

XML injection

XPath injection

XPath injection with XCat

The XML External Entity injection

The Entity Expansion attack

NoSQL injection

Testing for NoSQL injection

Exploiting NoSQL injection

Mitigation and prevention of injection vulnerabilities

Chapter 6: Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities

An overview of Cross-Site Scripting

Persistent XSS

Reflected XSS

DOM-based XSS

XSS using the POST method

Exploiting Cross-Site Scripting

Cookie stealing

Website defacing

Key loggers

Taking control of the user's browser with BeEF-XSS

Scanning for XSS flaws

XSSer

XSS-Sniper

Preventing and mitigating Cross-Site Scripting

Chapter 7: Cross-Site Request Forgery, Identification, and Exploitation

Testing for CSRF flaws

Exploiting a CSRF flaw

Exploiting CSRF in a POST request

CSRF on web services

Using Cross-Site Scripting to bypass CSRF protections

Preventing CSRF

Chapter 8: Attacking Flaws in Cryptographic Implementations

A cryptography primer

Algorithms and modes

Asymmetric encryption versus symmetric encryption

Symmetric encryption algorithm

Stream and block ciphers

Initialization Vectors

Block cipher modes

Hashing functions

Salt values

Secure communication over SSL/TLS

Secure communication in web applications

TLS encryption process

Identifying weak implementations of SSL/TLS

The OpenSSL command-line tool

SSLScan

SSLyze.

Testing SSL configuration using Nmap

Exploiting Heartbleed

POODLE

Custom encryption protocols

Identifying encrypted and hashed information

Hashing algorithms

hash-identifier

Frequency analysis

Entropy analysis

Identifying the encryption algorithm

Common flaws in sensitive data storage and transmission

Using offline cracking tools

Using John the Ripper

Using Hashcat

Preventing flaws in cryptographic implementations

Chapter 9: AJAX, HTML5, and Client-Side Attacks

Crawling AJAX applications

AJAX Crawling Tool

Sprajax

The AJAX Spider - OWASP ZAP

Analyzing the client-side code and storage

Browser developer tools

The Inspector panel

The Debugger panel

The Console panel

The Network panel

The Storage panel

The DOM panel

HTML5 for penetration testers

New XSS vectors

New elements

New properties

Local storage and client databases

Web Storage

IndexedDB

Web Messaging

Intercepting and modifying WebSockets

Other relevant features of HTML5

Cross-Origin Resource Sharing (CORS)

Geolocation

Web Workers

Bypassing client-side controls

Mitigating AJAX, HTML5, and client-side vulnerabilities

Chapter 10: Other Common Security Flaws in Web Applications

Insecure direct object references

Direct object references in web services

Path traversal

File inclusion vulnerabilities

Local File Inclusion

Remote File Inclusion

HTTP parameter pollution

Information disclosure

Mitigation

File inclusion attacks

Chapter 11: Using Automated Scanners on Web Applications

Considerations before using an automated scanner

Web application vulnerability scanners in Kali Linux

Skipfish.

Wapiti.

Notes:

"Expert Insight"--Cover.

Includes index.

Description based on online resource; title from PDF title page (EBC, viewed March 22, 2018).

OCLC:

1028221202