Kali Linux web penetration testing cookbook : over 80 recipes on how to identify, exploit, and test web application security with Kali Linux 2 / Gilberto Nájera-Gutiérrez.

Material type: Text
Series: Quick answers to common problems
Publisher: Birmingham, UK : Packt Publishing, 2016
Description: 1 online resource : illustrations
Content type:
  • text
Media type:
  • computer
Carrier type:
  • online resource
ISBN:
  • 9781784390853
  • 1784390852
DDC classification:
  • 005.8 23
LOC classification:
  • QA76.9.A25
Contents:
Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Setting Up Kali Linux; Introduction; Updating and upgrading Kali Linux; Installing and running OWASP Mantra; Setting up the Iceweasel browser; Installing VirtualBox; Creating a vulnerable virtual machine; Creating a client virtual machine; Configuring virtual machines for correct communication; Getting to know web applications on a vulnerable VM; Chapter 2: Reconnaissance; Introduction; Scanning and identifying services with Nmap; Identifying a web application firewall;
Watching the source code; Using Firebug to analyze and alter basic behavior; Obtaining and modifying cookies; Taking advantage of robots.txt; Finding files and folders with DirBuster; Password profiling with CeWL; Using John the Ripper to generate a dictionary; Finding files and folders with ZAP; Chapter 3: Crawlers and Spiders; Introduction; Downloading a page for offline analysis with Wget; Downloading the page for offline analysis with HTTrack; Using ZAP's spider; Using Burp Suite to crawl a website; Repeating requests with Burp's repeater; Using WebScarab;
Identifying relevant files and directories from crawling results; Chapter 4: Finding Vulnerabilities; Introduction; Using Hackbar add-on to ease parameter probing; Using Tamper Data add-on to intercept and modify requests; Using ZAP to view and alter requests; Using Burp Suite to view and alter requests; Identifying cross-site scripting (XSS) vulnerabilities; Identifying error based SQL injection; Identifying a blind SQL Injection; Identifying vulnerabilities in cookies; Obtaining SSL and TLS information with SSLScan; Looking for file inclusions; Identifying POODLE vulnerability;
Chapter 5: Automated Scanners; Introduction; Scanning with Nikto; Finding vulnerabilities with Wapiti; Using OWASP ZAP to scan for vulnerabilities; Scanning with w3af; Using Vega scanner; Finding Web vulnerabilities with Metasploit's Wmap; Chapter 6: Exploitation -- Low Hanging Fruits; Introduction; Abusing file inclusions and uploads; Exploiting OS Command Injections; Exploiting an XML External Entity Injection; Brute-forcing passwords with THC-Hydra; Dictionary attacks on login pages with Burp Suite; Obtaining session cookies through XSS; Step by step basic SQL Injection;
Finding and exploiting SQL Injections with SQLMap; Attacking Tomcat's passwords with Metasploit; Using Tomcat Manager to execute code; Chapter 7: Advanced Exploitation; Introduction; Searching Exploit-DB for a web server's vulnerabilities; Exploiting Heartbleed vulnerability; Exploiting XSS with BeEF; Exploiting a Blind SQLi; Using SQLMap to get database information; Performing a cross-site request forgery attack; Executing commands with Shellshock; Cracking password hashes with John the Ripper by using a dictionary; Cracking password hashes by brute force using oclHashcat/cudaHashcat
No physical items for this record

Online resource; title from PDF title page (EBSCO, viewed February 26, 2018).

Includes index.

eBooks on EBSCOhost EBSCO eBook Subscription Academic Collection - Worldwide