Web Penetration Testing with Kali Linux - Third Edition: Explore methods and tools of ethical hacking with Kali Linux

Gilberto Najera-Gutierrez, Juned Ahmed Ansari

Product Description

Build your defense against web attacks with Kali Linux 2017.3, including command injection flaws, crypto implementation layers, and web application security holes

Key Features

  • How to set up your lab with Kali Linux 2017.3
  • The core concepts of web penetration testing
  • The tools and techniques you need with Kali Linux

Book Description

The 3rd edition of Web Penetration Testing with Kali Linux shows you how to set up a lab and understand the nature and mechanics of attacking websites, and explains classical attacks in great depth. This edition is heavily updated, taking the latest Kali Linux changes to 2017.3 and the most recent attacks into account. Kali Linux shines when it comes to client-side attacks and fuzzing in particular, which is covered in depth towards the end of the book.

From the start of the book, you'll be given a thorough grounding in the concepts of hacking and penetration testing itself, and you'll get to know about the tools used in Kali Linux that relate to web application hacking. Then, you will gain a deep understanding of classical SQL and command injection flaws and, of course, the many ways to exploit these flaws. Web penetration testing also needs a general account of client-side attacks, which is rounded out by a long discussion of scripting and input validation flaws.

There is also a rather important chapter on cryptographic implementation flaws, where the most recent problems with cryptographic layers in the networking stack are discussed. The importance of these attacks cannot be overstated, and so the defenses against them are relevant for most Internet users and, of course, penetration testers.

By the end of the book, you will use an automated technique, called fuzzing, to be able to identify flaws in a web application. Finally, you will understand the web application vulnerabilities and the ways in which they can be exploited using the tools in Kali Linux.

What you will learn

  • How to set up your lab with Kali Linux 2017.3
  • The core concepts of web penetration testing
  • The tools and techniques you need with Kali Linux
  • Identify the difference between hacking a web application and network hacking
  • Expose vulnerabilities present in web servers and their applications using server-side attacks
  • Understand the different techniques used to identify the flavor of web applications
  • Standard attacks like exploiting cross-site request forgery and cross-site scripting flaws
  • The art of client-side attacks
  • Automated attacks like fuzzing web applications

Who This Book Is For

Since this book sets out to cover a large number of tools and security fields, it can work as an introduction to practical security skills for beginners in security. In addition, web programmers as well as system administrators would profit from this rigorous introduction to web penetration testing. Basic system administration skills are necessary, and the ability to read code is a must.
