Web Penetration Testing with Kali Linux, 2/e (Paperback)

Juned Ahmed Ansari

Product Description

Build your defense against web attacks with Kali Sana

About This Book

  • Gain a deep understanding of the flaws in web applications and exploit them in a practical manner
  • Get hands-on web application hacking experience with a range of tools in Kali Sana
  • Develop the practical skills required to master multiple tools in the Kali Sana toolkit

Who This Book Is For

If you are already working as a network penetration tester and want to expand your knowledge of web application hacking, then this book is tailored for you. Those who are interested in learning more about the Kali Sana tools that are used to test web applications will find this book a thoroughly useful and interesting guide.

What You Will Learn

  • Set up your lab with Kali Sana
  • Identify the difference between hacking a web application and network hacking
  • Understand the different techniques used to identify the flavor of web applications
  • Expose vulnerabilities present in web servers and their applications using server-side attacks
  • Use SQL and cross-site scripting (XSS) attacks
  • Check for XSS flaws using the Burp Suite proxy
  • Find out about the mitigation techniques used to negate the effects of the Injection and Blind SQL attacks

In Detail

Kali Sana is the new generation of the industry-leading BackTrack Linux penetration testing and security auditing Linux distribution. It contains several hundred tools aimed at various information security tasks such as penetration testing, forensics, and reverse engineering.

At the beginning of the book, you will be introduced to the concepts of hacking and penetration testing and will get to know about the tools used in Kali Sana that relate to web application hacking. Then, you will gain a deep understanding of SQL and command injection flaws and ways to exploit the flaws. Moving on, you will get to know more about scripting and input validation flaws, AJAX, and the security issues related to AJAX.

At the end of the book, you will use an automated technique called fuzzing to be able to identify flaws in a web application. Finally, you will understand the web application vulnerabilities and the ways in which they can be exploited using the tools in Kali Sana.
