Web Penetration Testing with Kali Linux - Third Edition: Explore methods and tools of ethical hacking with Kali Linux

Gilberto Najera-Gutierrez, Juned Ahmed Ansari


Build your defense against web attacks with Kali Linux 2017.3, including command injection flaws, crypto implementation layers, and web application security holes

Key Features

  • How to set up your lab with Kali Linux 2017.3
  • The core concepts of web penetration testing
  • The tools and techniques you need with Kali Linux

Book Description

The 3rd edition of Web Penetration Testing with Kali Linux shows you how to set up a lab and understand the nature and mechanics of attacking websites, and explains classical attacks in great depth. This edition is heavily updated, taking the latest Kali Linux changes to 2017.3 and the most recent attacks into account. Kali Linux shines when it comes to client-side attacks and fuzzing in particular, which are covered in depth towards the end of the book.

From the start of the book, you'll be given a thorough grounding in the concepts of hacking and penetration testing itself, and you'll get to know the tools in Kali Linux that relate to web application hacking. Then, you will gain a deep understanding of classical SQL and command injection flaws and, of course, the many ways to exploit these flaws. Web penetration testing also needs a general account of client-side attacks, which is rounded out by a long discussion of scripting and input validation flaws.

There is also a rather important chapter on cryptographic implementation flaws, where the most recent problems with cryptographic layers in the networking stack are discussed. The importance of these attacks cannot be overstated, and so the defenses against them are relevant for most Internet users and, of course, penetration testers.

By the end of the book, you will use an automated technique, called fuzzing, to be able to identify flaws in a web application. Finally, you will understand the web application vulnerabilities and the ways in which they can be exploited using the tools in Kali Linux.

What you will learn

  • How to set up your lab with Kali Linux 2017.3
  • The core concepts of web penetration testing
  • The tools and techniques you need with Kali Linux
  • Identify the difference between hacking a web application and network hacking
  • Expose vulnerabilities present in web servers and their applications using server-side attacks
  • Understand the different techniques used to identify the flavor of web applications
  • Standard attacks like exploiting cross-site request forgery and cross-site scripting flaws
  • Teaches the art of client-side attacks
  • Automated attacks like fuzzing web applications

Who This Book Is For

Since this book sets out to cover a large number of tools and security fields, it can work as an introduction to practical security skills for beginners in security. In addition, web programmers and system administrators would also profit from this rigorous introduction to web penetration testing. Basic system administration skills are necessary, and the ability to read code is a must.