Hands-On Web Penetration Testing with Metasploit: The subtle art of using Metasploit 5.0 for web application exploitation
Sharma, Himanshu, Singh, Harpreet
- 出版商: Packt Publishing
- 出版日期: 2020-05-22
- 售價: $1,970
- 貴賓價: 9.5 折 $1,872
- 語言: 英文
- 頁數: 544
- 裝訂: Quality Paper - also called trade paper
- ISBN: 1789953529
- ISBN-13: 9781789953527
-
相關分類:
Metasploit、Penetration-test
-
相關翻譯:
Web 滲透測試實戰:基於 Metasploit 5.0 (Hands-On Web Penetration Testing with Metasploit: The subtle art of using Metasploit 5.0 for web application exploitation) (簡中版)
買這商品的人也買了...
-
深入淺出設計模式 (Head First Design Patterns)$880$695 -
深入淺出物件導向分析與設計 (Head First Object-Oriented Analysis and Design)$880$616 -
深入淺出 C (Head First C)$880$695 -
物件導向設計模式-可再利用物件導向軟體之要素 (精裝典藏版) (Design Patterns: Elements of Reusable Object-Oriented Software)$550$550 -
大話重構$390$332 -
流暢的 Python|清晰、簡潔、有效的程式設計 (Fluent Python)$980$774 -
資安風險評估指南 (Network Security Assessment, 3/e)$780$663 -
從需求到設計:如何設計出客戶想要的產品 (十週年紀念版) (Exploring Requirements: Quality Before Design)$580$522 -
資安防禦指南|資訊安全架構實務典範 (Defensive Security Handbook: Best Practices for Securing Infrastructure)$580$458 -
簡潔的 Python|重構你的舊程式 (Clean Code in Python: Refactor your legacy codebase)$480$379 -
深入淺出學會編寫程式 (Head First Learn to Code: A Learner's Guide to Coding and Computational Thinking)$880$695 -
圖解資訊安全與個資保護|網路時代人人要懂的自保術$380$323 -
Python 設計模式$650$514 -
Python 3反爬蟲原理與繞過實戰$454$427 -
Python:期權演算法交易實務 180個關鍵技巧詳解$580$452 -
Python 神乎其技 全新超譯版 - 快速精通 Python 進階功能, 寫出 Pythonic 的程式 (Python Tricks: A Buffet of Awesome Python Features)$580$493 -
架構模式|使用 Python (Architecture Patterns with Python: Enabling Test-Driven Development, Domain-Driven Design, and Event-Driven Microservices)$680$537 -
Python 最強入門邁向頂尖高手之路:王者歸來, 2/e (全彩版)$1,080$853 -
零信任網路|在不受信任的網路中建構安全系統 (Zero Trust Networks)$480$379 -
Effective Python 中文版|寫出良好 Python 程式的 90個具體做法, 2/e (Effective Python: 90 Specific Ways to Write Better Python, 2/e)$580$493 -
演算法入門圖解|使用 Python$450$356 -
Python 滲透測試實戰$474$450 -
Python : 股票演算法交易實務 147個關鍵技巧詳解, 2/e$580$452 -
Python 功力提升的樂趣|寫出乾淨程式碼的最佳實務 (Beyond the Basic Stuff with Python)$500$375 -
Python 技術者們 -- 實踐!帶你一步一腳印由初學到精通, 2/e$650$553
相關主題
商品描述
Key Features
- Get up to speed with Metasploit and discover how to use it for pentesting
- Understand how to exploit and protect your web environment effectively
- Learn how an exploit works and what causes vulnerabilities
Book Description
Metasploit has been a crucial security tool for many years. However, there are only a few modules that Metasploit has made available to the public for pentesting web applications. In this book, you'll explore another aspect of the framework – web applications – which is not commonly used. You'll also discover how Metasploit, when used with its inbuilt GUI, simplifies web application penetration testing.
The book starts by focusing on the Metasploit setup, along with covering the life cycle of the penetration testing process. Then, you will explore Metasploit terminology and the web GUI, which is available in the Metasploit Community Edition. Next, the book will take you through pentesting popular content management systems such as Drupal, WordPress, and Joomla, which will also include studying the latest CVEs and understanding the root cause of vulnerability in detail. Later, you'll gain insights into the vulnerability assessment and exploitation of technological platforms such as JBoss, Jenkins, and Tomcat. Finally, you'll learn how to fuzz web applications to find logical security vulnerabilities using third-party tools.
By the end of this book, you'll have a solid understanding of how to exploit and validate vulnerabilities by working with various tools and techniques.
What you will learn
- Get up to speed with setting up and installing the Metasploit framework
- Gain first-hand experience of the Metasploit web interface
- Use Metasploit for web-application reconnaissance
- Understand how to pentest various content management systems
- Pentest platforms such as JBoss, Tomcat, and Jenkins
- Become well-versed with fuzzing web applications
- Write and automate penetration testing reports
Who this book is for
This book is for web security analysts, bug bounty hunters, security professionals, or any stakeholder in the security sector who wants to delve into web application security testing. Professionals who are not experts with command line tools or Kali Linux and prefer Metasploit's graphical user interface (GUI) will also find this book useful. No experience with Metasploit is required, but basic knowledge of Linux and web application pentesting will be helpful.
目錄大綱
- Introduction to Web Application Penetration Testing
- Metasploit Essentials
- The Metasploit Web Interface
- Using Metasploit for Reconnaissance
- Web Application Enumeration using Metasploit
- Vulnerability scanning using WMAP
- Vulnerability Assessment using Metasploit (Nessus)
- Pentesting CMSes ― WordPress
- Pentesting CMSes ― Joomla
- Pentesting CMSes ― Drupal
- Penetration Testing on Technological Platforms ― JBoss
- Penetration Testing on Technological Platforms ― Apache Tomcat
- Penetration Testing on Technological Platforms ― Jenkins
- Web Application Fuzzing ― Logical Bug Hunting
- Writing Penetration Testing Reports
