The Basics of Web Hacking : Tools and Techniques to Attack the Web.

Format:
Book
Author/Creator:
Pauli, Joshua J.
Language:
English
Subjects (All):
Web sites--Security measures.
Physical Description:
1 online resource (160 pages)
Edition:
1st ed.
Place of Publication:
San Diego : Elsevier Science & Technology Books, 2013.
Contents:
Front Cover
The Basics of Web Hacking: Tools and Techniques to Attack the Web
Copyright
Dedication
Acknowledgments
Honey Bear
Lizard
Baby Bird
Family and Friends
Security Community
Scott White-Technical Reviewer
Syngress Team
My Vices
Biography
Foreword
Introduction
About this Book
A Hands-on Approach
What's in this Book?
A Quick Disclaimer
Contents
Chapter 1: The Basics of Web Hacking
What Is a Web Application?
What You Need to Know About Web Servers
What You Need to Know About HTTP
HTTP Cycles
Noteworthy HTTP Headers
Noteworthy HTTP Status Codes
The Basics of Web Hacking: Our Approach
Our Targets
Our Tools
Web Apps Touch Every Part of IT
Existing Methodologies
The Open-Source Security Testing Methodology Manual (OSSTM)
Penetration Testing Execution Standard (PTES)
Making Sense of Existing Methodologies
Most Common Web Vulnerabilities
Injection
Cross-site Scripting (XSS)
Broken Authentication and Session Management
Cross-site Request Forgery
Security Misconfiguration
Setting Up a Test Environment
Target Web Application
Installing the Target Web Application
Configuring the Target Web Application
DVWA Install Script
Chapter 2: Web Server Hacking
Reconnaissance
Learning About the Web Server
The Robots.txt File
Port Scanning
Nmap
Updating Nmap
Running Nmap
Nmap Scripting Engine (NSE)
Vulnerability Scanning
Nessus
Installing Nessus
Configuring Nessus
Running Nessus
Reviewing Nessus Results
Nikto
Exploitation
Basics of Metasploit
Search
Use
Show Payloads
Set Payload
Show Options
Set Option
Exploit
Maintaining Access
Chapter 3: Web Application Recon and Scanning
Web Application Recon
Basics of a Web Proxy
Burp Suite
Configuring Burp Proxy
Spidering with Burp
Automated Spidering
Manual Spidering
Running Burp Spider
Web Application Scanning
What a Scanner Will Find
What a Scanner Won't Find
Scanning with ZED Attack Proxy (ZAP)
Configuring ZAP
Running ZAP
Reviewing ZAP Results
ZAP Brute Force
Scanning with Burp Scanner
Configuring Burp Scanner
Running Burp Scanner
Reviewing Burp Scanner Results
Chapter 4: Web Application Exploitation with Injection
SQL Injection Vulnerabilities
SQL Interpreter
SQL for Hackers
SQL Injection Attacks
Finding the Vulnerability
Bypassing Authentication
Extracting Additional Information
Harvesting Password Hashes
Offline Password Cracking
sqlmap
Operating System Command Injection Vulnerabilities
O/S Command Injection for Hackers
Operating System Command Injection Attacks
Web Shells
Chapter 5: Web Application Exploitation with Broken Authentication and Path Traversal
Authentication and Session Vulnerabilities
Path Traversal Vulnerabilities
Brute Force Authentication Attacks
Intercepting the Authentication Attempt
Configuring Burp Intruder
Intruder Payloads
Running Intruder
Session Attacks
Cracking Cookies
Burp Sequencer
Other Cookie Attacks
Path Traversal Attacks
Web Server File Structure
Forceful Browsing
Chapter 6: Web User Hacking
Cross-Site Scripting (XSS) Vulnerabilities
Cross-Site Request Forgery (CSRF) Vulnerabilities
XSS Versus CSRF
Technical Social Engineering Vulnerabilities
Web User Recon
Web User Scanning
Web User Exploitation
Cross-Site Scripting (XSS) Attacks
XSS Payloads
Reflected XSS Attacks
Intercepting the Server Response
Encoding XSS Payloads
XSS in URL Address Bar
XSS Attacks on Session Identifiers
Stored XSS Attacks
Persistence of Stored XSS
Cross-Site Request Forgery (CSRF) Attacks
User Attack Frameworks
Social-Engineer Toolkit (SET)
Other Notable User Attack Frameworks
Chapter 7: Fixes
Web Server Fixes
Server Hardening
Generic Error Messages
Web Application Fixes
Injection Fixes
Broken Authentication and Session Management Fixes
Authentication
Session Management
Path Traversal Fixes
Web User Fixes
The XSS Prevention Cheat Sheet
Input Validation Cheat Sheet
Code Defenses for XSS
Browser Defenses for XSS
The CSRF Prevention Cheat Sheet
More CSRF Defenses
Technical Social Engineering Fixes
Chapter 8: Next Steps
Security Community Groups and Events
Formal Education
Certifications
Additional Books
Index.
Notes:
Description based on publisher supplied metadata and other sources.
Other Format:
Print version: Pauli, Josh The Basics of Web Hacking
ISBN:
9780124166592
OCLC:
851158028