Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Web Penetration Testing with Kali Linux 2.0, Second Edition
  • Toc
  • feedback
Web Penetration Testing with Kali Linux 2.0, Second Edition

Web Penetration Testing with Kali Linux 2.0, Second Edition

By : Juned Ahmed Ansari
4 (6)
close
Web Penetration Testing with Kali Linux 2.0, Second Edition

Web Penetration Testing with Kali Linux 2.0, Second Edition

4 (6)
By: Juned Ahmed Ansari

Overview of this book

Kali Linux 2.0 is the new generation of the industry-leading BackTrack Linux penetration testing and security auditing Linux distribution. It contains several hundred tools aimed at various information security tasks such as penetration testing, forensics, and reverse engineering. At the beginning of the book, you will be introduced to the concepts of hacking and penetration testing and will get to know about the tools used in Kali Linux 2.0 that relate to web application hacking. Then, you will gain a deep understanding of SQL and command injection flaws and ways to exploit the flaws. Moving on, you will get to know more about scripting and input validation flaws, AJAX, and the security issues related to AJAX. At the end of the book, you will use an automated technique called fuzzing to be able to identify flaws in a web application. Finally, you will understand the web application vulnerabilities and the ways in which they can be exploited using the tools in Kali Linux 2.0.
Table of Contents (12 chapters)
close
close
Preface
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Free Chapter
1
1. Introduction to Penetration Testing and Web Applications
1. Introduction to Penetration Testing and Web Applications
Proactive security testing
Rules of engagement
The limitations of penetration testing
The need for testing web applications
Social engineering attacks
A web application overview for penetration testers
Summary
2
2. Setting up Your Lab with Kali Linux
2. Setting up Your Lab with Kali Linux
Kali Linux
Important tools in Kali Linux
Using Tor for penetration testing
Summary
3
3. Reconnaissance and Profiling the Web Server
3. Reconnaissance and Profiling the Web Server
Reconnaissance
Scanning – probing the target
Summary
4
4. Major Flaws in Web Applications
4. Major Flaws in Web Applications
Information leakage
Authentication issues
Path traversal
Injection-based flaws
Cross-site scripting
Cross-site request forgery
Session-based flaws
File inclusion vulnerability
HTTP parameter pollution
HTTP response splitting
Summary
5
5. Attacking the Server Using Injection-based Flaws
5. Attacking the Server Using Injection-based Flaws
Command injection
SQL injection
Summary
6
6. Exploiting Clients Using XSS and CSRF Flaws
chevron up
6. Exploiting Clients Using XSS and CSRF Flaws
The origin of cross-site scripting
An overview of cross-site scripting
Types of cross-site scripting
XSS and JavaScript – a deadly combination
Scanning for XSS flaws
Cross-site request forgery
Summary
7
7. Attacking SSL-based Websites
7. Attacking SSL-based Websites
Secure socket layer
Summary
8
8. Exploiting the Client Using Attack Frameworks
8. Exploiting the Client Using Attack Frameworks
Social engineering attacks
Social engineering toolkit
Spear-phishing attack
Website attack
Browser exploitation framework
Summary
9
9. AJAX and Web Services – Security Issues
9. AJAX and Web Services – Security Issues
Introduction to AJAX
Web services
Summary
10
10. Fuzzing Web Applications
10. Fuzzing Web Applications
Fuzzing basics
Types of fuzzing techniques
Summary
11
Index
Index

An overview of cross-site scripting

In simple terms, the cross-site scripting attack allows the attacker to execute malicious JavaScript in another user's browser. The malicious script is delivered to the client via the website that is vulnerable to XSS. On the client, the web browser sees the scripts as a legitimate part of the website and executes it. When it runs in the victim's browser, the script can force the browser to perform actions similar to the ones done by the user could do. The script can also make the browser execute fraudulent transactions, steal cookies, or redirect the browser to another website.

An XSS attack typically involves the following participants:

  • The attacker who is executing the attack

  • The vulnerable web application

  • The victim using a web browser

  • A third-party website to which the attacker wants to redirect the browser or attack through the victim

Let's look at an example of an attacker executing a XSS attack:

  1. The attacker first tests the various input fields for the...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Section 4
Next Section
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete