Kali Linux Web Penetration Testing Cookbook - Second Edition: Identify, exploit, and test web application security with Kali Linux 2018.x

Gilberto Najera-Gutierrez



Discover the most common web vulnerabilities and prevent them from becoming a threat to your site's security

Key Features

  • Familiarize yourself with the most common web vulnerabilities
  • Conduct a preliminary assessment of attack surfaces and run exploits in your lab
  • Explore new tools in the Kali Linux ecosystem for web penetration testing

Book Description

Web applications are a huge point of attack for malicious hackers and a critical area for security professionals and penetration testers to lock down and secure. Kali Linux is a Linux-based penetration testing platform that provides a broad array of testing tools, many of which can be used to execute web penetration testing.

Kali Linux Web Penetration Testing Cookbook gives you the skills you need to cover every stage of a penetration test – from gathering information about the system and application, to identifying vulnerabilities through manual testing. You will also cover the use of vulnerability scanners and look at basic and advanced exploitation techniques that may lead to a full system compromise. You will start by setting up a testing laboratory, exploring the latest features of tools included in Kali Linux and performing a wide range of tasks with OWASP ZAP, Burp Suite and other web proxies and security testing tools.

As you make your way through the book, you will learn how to use automated scanners to find security ?aws in web applications and understand how to bypass basic security controls. In the concluding chapters, you will look at what you have learned in the context of the Open Web Application Security Project (OWASP) and the top 10 web application vulnerabilities you are most likely to encounter, equipping you with the ability to combat them effectively.

By the end of this book, you will have acquired the skills you need to identify, exploit, and prevent web application vulnerabilities.

What you will learn

  • Set up a secure penetration testing laboratory
  • Use proxies, crawlers, and spiders to investigate an entire website
  • Identify cross-site scripting and client-side vulnerabilities
  • Exploit vulnerabilities that allow the insertion of code into web applications
  • Exploit vulnerabilities that require complex setups
  • Improve testing efficiency using automated vulnerability scanners
  • Learn how to circumvent security controls put in place to prevent attacks

Who this book is for

Kali Linux Web Penetration Testing Cookbook is for IT professionals, web developers, security enthusiasts, and security professionals who want an accessible reference on how to find, exploit, and prevent security vulnerabilities in web applications. The basics of operating a Linux environment and prior exposure to security technologies and tools are necessary.

Table of Contents

  1. Setting up Kali Linux and the Testing Lab
  2. Reconnaissance
  3. Using Proxies, Crawlers and Spiders
  4. Testing Authentication and Session Management
  5. Cross-Site Scripting and Client-Side Attacks
  6. Exploiting Injection Vulnerabilities
  7. Exploiting Platform Vulnerabilities
  8. Using Automated Scanners
  9. Bypassing Basic Security Controls
  10. Mitigation of OWASP Top 10 Vulnerabilities



- 熟悉最常見的網路漏洞
- 在實驗室中進行攻擊面的初步評估並執行攻擊
- 探索 Kali Linux 生態系統中的新工具進行網路滲透測試

網路應用程式是惡意駭客攻擊的主要目標,也是安全專業人員和滲透測試人員必須加強保護和防範的關鍵領域。Kali Linux 是一個基於 Linux 的滲透測試平台,提供了廣泛的測試工具,其中許多可用於執行網路滲透測試。

《Kali Linux 網路滲透測試食譜》將為您提供完成滲透測試的各個階段所需的技能,從收集系統和應用程式資訊,到通過手動測試識別漏洞。您還將學習使用漏洞掃描器,並研究可能導致系統完全被入侵的基本和高級利用技術。您將首先建立一個測試實驗室,探索 Kali Linux 中包含的最新功能,並使用 OWASP ZAP、Burp Suite 和其他網路代理和安全測試工具執行各種任務。

隨著您閱讀本書的過程,您將學習如何使用自動化掃描器找到網路應用程式中的安全漏洞,並了解如何繞過基本的安全控制。在最後幾章中,您將在 Open Web Application Security Project (OWASP) 的框架下,探討您最有可能遇到的前十個網路應用程式漏洞,並具備有效對抗它們的能力。


- 建立安全的滲透測試實驗室
- 使用代理、爬蟲和蜘蛛來調查整個網站
- 識別跨站腳本和客戶端漏洞
- 利用允許將代碼插入網路應用程式的漏洞
- 利用需要複雜設置的漏洞
- 使用自動化漏洞掃描器提高測試效率
- 學習如何繞過用於防止攻擊的安全控制措施

《Kali Linux 網路滲透測試食譜》適合 IT 專業人士、網頁開發人員、安全愛好者和安全專業人員,他們希望在網路應用程式中找到、利用和防止安全漏洞,需要具備操作 Linux 環境的基礎知識,以及對安全技術和工具有一定的了解。

1. 設置 Kali Linux 和測試實驗室
2. 偵察
3. 使用代理、爬蟲和蜘蛛
4. 測試身份驗證和會話管理
5. 跨站腳本和客戶端攻擊
6. 利用注入漏洞
7. 利用平台漏洞
8. 使用自動化掃描器
9. 繞過基本的安全控制
10. OWASP 前十大漏洞的緩解措施