Web Penetration Testing with Kali Linux
Language: English
Pages: 342
ISBN: 1782163166
Format: PDF / Kindle (mobi) / ePub
Testing web security is best done through simulating an attack. Kali Linux lets you do this to professional standards and this is the book you need to be fully up-to-speed with this powerful open-source toolkit.
Overview
- Learn key reconnaissance concepts needed as a penetration tester
- Attack and exploit key features, authentication, and sessions on web applications
- Learn how to protect systems, write reports, and sell web penetration testing services
In Detail
Kali Linux is built for professional penetration testing and security auditing. It is the next-generation of BackTrack, the most popular open-source penetration toolkit in the world. Readers will learn how to think like real attackers, exploit systems, and expose vulnerabilities.
Even though web applications are developed in a very secure environment and have an intrusion detection system and firewall in place to detect and prevent any malicious activity, open ports are a pre-requisite for conducting online business. These ports serve as an open door for attackers to attack these applications. As a result, penetration testing becomes essential to test the integrity of web-applications. Web Penetration Testing with Kali Linux is a hands-on guide that will give you step-by-step methods on finding vulnerabilities and exploiting web applications.
"Web Penetration Testing with Kali Linux" looks at the aspects of web penetration testing from the mind of an attacker. It provides real-world, practical step-by-step instructions on how to perform web penetration testing exercises.
You will learn how to use network reconnaissance to pick your targets and gather information. Then, you will use server-side attacks to expose vulnerabilities in web servers and their applications. Client attacks will exploit the way end users use web applications and their workstations. You will also learn how to use open source tools to write reports and get tips on how to sell penetration tests and look out for common pitfalls.
On the completion of this book, you will have the skills needed to use Kali Linux for web penetration tests and expose vulnerabilities on web applications and clients that access them.
What you will learn from this book
- Perform vulnerability reconnaissance to gather information on your targets
- Expose server vulnerabilities and take advantage of them to gain privileged access
- Exploit client-based systems using web application protocols
- Learn how to use SQL and cross-site scripting (XSS) attacks
- Steal authentications through session hijacking techniques
- Harden systems so other attackers do not exploit them easily
- Generate reports for penetration testers
- Learn tips and trade secrets from real world penetration testers
Approach
"Web Penetration Testing with Kali Linux" contains various penetration testing methods using BackTrack that will be used by the reader. It contains clear step-by-step instructions with lot of screenshots. It is written in an easy to understand language which will further simplify the understanding for the user.
application packages. If you would like to install these packages, you need to use a network mirror. The packages are downloaded via HTTP protocol. If your network uses a proxy server, you will also need to configure the proxy settings for you network. [ 26 ] Chapter 1 8. Kali will prompt to install GRUB. GRUB is a multi-bootloader that gives the user the ability to pick and boot up to multiple operating systems. In almost all cases, you should select to install GRUB. If you are configuring
activity to learn operation patterns, and scanning networks or systems to gather information, such as manufacture type, operating system, and open communication ports. The more information that can be gathered about a target brings a better chance of identifying the easiest and fastest method to achieve a penetration goal, as well as best method to avoid existing security. Also, alerting a target will most likely cause certain attack avenues to close as a reaction to preparing for an attack.
proxy server for all protocols and click on OK. The following screenshot demonstrates this configuration: Open Zaproxy and you should see a Sites window on the top-left side. This will populate as you surf the Internet using Firefox. You can view all the requests and responses for each page on the right window. Zaproxy gives an easy view of all the resources being used by each webpage. [ 91 ] Server-side Attacks You can also do a targeted evaluation of a website by going to the quick start
chapters. Chapter 8, Penetration Test Executive Report, offers reporting best practices and samples that can serve as templates for building executive level reports. The purpose of designing the book in this fashion is to give the reader a guide for engaging a web application penetration with the best possible tool(s) available in Kali, offer steps to remediate a vulnerability and provide how data captured could be presented in a professional manner. Preface What this book covers Chapter 1,
methodology There are logical steps recommended for performing a Penetration Test. The first step is identifying the project's starting status. The most common terminology defining the starting state is Black box testing, White box testing, or a blend between White and Black box testing known as Gray box testing. [9] Penetration Testing and Setup Black box assumes the Penetration Tester has no prior knowledge of the target network, company processes, or services it provides. Starting a Black