Mastering Kali Linux for Web Penetration Testing

Michael McPhee

  • 出版商: Packt Publishing
  • 出版日期: 2017-06-28
  • 定價: $1,650
  • 售價: 8.0$1,320
  • 語言: 英文
  • 頁數: 338
  • 裝訂: Paperback
  • ISBN: 1784395072
  • ISBN-13: 9781784395070
  • 相關分類: 資訊安全kali-linuxLinux
  • 立即出貨 (庫存=1)

買這商品的人也買了...

商品描述

Master the art of exploiting advanced web penetration techniques with Kali Linux 2016.2

About This Book

  • Make the most out of advanced web pen-testing techniques using Kali Linux 2016.2
  • Explore how Stored (a.k.a. Persistent) XSS attacks work and how to take advantage of them
  • Learn to secure your application by performing advanced web based attacks.
  • Bypass internet security to traverse from the web to a private network.

Who This Book Is For

This book targets IT pen testers, security consultants, and ethical hackers who want to expand their knowledge and gain expertise on advanced web penetration techniques. Prior knowledge of penetration testing would be beneficial.

What You Will Learn

  • Establish a fully-featured sandbox for test rehearsal and risk-free investigation of applications
  • Enlist open-source information to get a head-start on enumerating account credentials, mapping potential dependencies, and discovering unintended backdoors and exposed information
  • Map, scan, and spider web applications using nmap/zenmap, nikto, arachni, webscarab, w3af, and NetCat for more accurate characterization
  • Proxy web transactions through tools such as Burp Suite, OWASP's ZAP tool, and Vega to uncover application weaknesses and manipulate responses
  • Deploy SQL injection, cross-site scripting, Java vulnerabilities, and overflow attacks using Burp Suite, websploit, and SQLMap to test application robustness
  • Evaluate and test identity, authentication, and authorization schemes and sniff out weak cryptography before the black hats do

In Detail

You will start by delving into some common web application architectures in use, both in private and public cloud instances. You will also learn about the most common frameworks for testing, such as OWASP OGT version 4, and how to use them to guide your efforts. In the next section, you will be introduced to web pentesting with core tools and you will also see how to make web applications more secure through rigorous penetration tests using advanced features in open source tools. The book will then show you how to better hone your web pentesting skills in safe environments that can ensure low-risk experimentation with the powerful tools and features in Kali Linux that go beyond a typical script-kiddie approach. After establishing how to test these powerful tools safely, you will understand how to better identify vulnerabilities, position and deploy exploits, compromise authentication and authorization, and test the resilience and exposure applications possess.

By the end of this book, you will be well-versed with the web service architecture to identify and evade various protection mechanisms that are used on the Web today. You will leave this book with a greater mastery of essential test techniques needed to verify the secure design, development, and operation of your customers' web applications.

Style and approach

An advanced-level guide filled with real-world examples that will help you take your web application’s security to the next level by using Kali Linux 2016.2.

商品描述(中文翻譯)

精通使用Kali Linux 2016.2進行高級網絡滲透技術的藝術

關於本書
- 利用Kali Linux 2016.2最大程度地發揮高級網絡滲透測試技術
- 探索存儲(又稱持久性)XSS攻擊的工作原理以及如何利用它們
- 通過執行高級基於Web的攻擊來保護應用程序
- 繞過網絡安全,從Web進入私有網絡

本書適合對象
- 本書針對IT滲透測試人員、安全顧問和道德黑客,他們希望擴展自己的知識並在高級網絡滲透測試技術上獲得專業知識。具備滲透測試的先備知識將有益。

你將學到什麼
- 建立一個完整功能的測試環境,進行風險評估和無風險調查應用程序
- 利用開源信息,提前枚舉帳戶憑據、映射潛在依賴關係,發現意外的後門和暴露的信息
- 使用nmap/zenmap、nikto、arachni、webscarab、w3af和NetCat等工具對Web應用程序進行映射、掃描和爬行,以獲得更準確的特徵描述
- 通過Burp Suite、OWASP的ZAP工具和Vega等工具代理Web事務,揭示應用程序的弱點並操縱響應
- 使用Burp Suite、websploit和SQLMap部署SQL注入、跨站腳本、Java漏洞和溢出攻擊,測試應用程序的強健性
- 在黑客之前評估和測試身份驗證和授權方案,並嗅探出弱加密
- 透過本書,你將深入了解Web服務架構,以識別和規避當今Web上使用的各種保護機制。你將通過掌握必要的測試技術,能夠驗證客戶Web應用程序的安全設計、開發和運營。

風格和方法
- 這是一本高級指南,充滿了真實世界的例子,將幫助你通過使用Kali Linux 2016.2將你的Web應用程序安全性提升到更高的水平。