Kali Linux Web Penetration Testing Cookbook
Latest chapter:
Index
This book is for IT professionals, web developers, security enthusiasts, and security professionals who want an accessible reference on how to find, exploit, and prevent security vulnerabilities in web applications. You should know the basics of operating a Linux environment and have some exposure to security technologies and tools.
Table of Contents (111 chapters)
- Cover
- Copyright Information
- Credits
- About the Author
- About the Reviewers
- www.PacktPub.com
- Preface
- Chapter 1. Setting Up Kali Linux
- Introduction
- Updating and upgrading Kali Linux
- Installing and running OWASP Mantra
- Setting up the Iceweasel browser
- Installing VirtualBox
- Creating a vulnerable virtual machine
- Creating a client virtual machine
- Configuring virtual machines for correct communication
- Getting to know web applications on a vulnerable VM
- Chapter 2. Reconnaissance
- Introduction
- Scanning and identifying services with Nmap
- Identifying a web application firewall
- Watching the source code
- Using Firebug to analyze and alter basic behavior
- Obtaining and modifying cookies
- Taking advantage of robots.txt
- Finding files and folders with DirBuster
- Password profiling with CeWL
- Using John the Ripper to generate a dictionary
- Finding files and folders with ZAP
- Chapter 3. Crawlers and Spiders
- Introduction
- Downloading a page for offline analysis with Wget
- Downloading the page for offline analysis with HTTrack
- Using ZAP's spider
- Using Burp Suite to crawl a website
- Repeating requests with Burp's repeater
- Using WebScarab
- Identifying relevant files and directories from crawling results
- Chapter 4. Finding Vulnerabilities
- Introduction
- Using Hackbar add-on to ease parameter probing
- Using Tamper Data add-on to intercept and modify requests
- Using ZAP to view and alter requests
- Using Burp Suite to view and alter requests
- Identifying cross-site scripting (XSS) vulnerabilities
- Identifying error based SQL injection
- Identifying a blind SQL Injection
- Identifying vulnerabilities in cookies
- Obtaining SSL and TLS information with SSLScan
- Looking for file inclusions
- Identifying POODLE vulnerability
- Chapter 5. Automated Scanners
- Introduction
- Scanning with Nikto
- Finding vulnerabilities with Wapiti
- Using OWASP ZAP to scan for vulnerabilities
- Scanning with w3af
- Using Vega scanner
- Finding Web vulnerabilities with Metasploit's Wmap
- Chapter 6. Exploitation – Low Hanging Fruits
- Introduction
- Abusing file inclusions and uploads
- Exploiting OS Command Injections
- Exploiting an XML External Entity Injection
- Brute-forcing passwords with THC-Hydra
- Dictionary attacks on login pages with Burp Suite
- Obtaining session cookies through XSS
- Step by step basic SQL Injection
- Finding and exploiting SQL Injections with SQLMap
- Attacking Tomcat's passwords with Metasploit
- Using Tomcat Manager to execute code
- Chapter 7. Advanced Exploitation
- Introduction
- Searching Exploit-DB for a web server's vulnerabilities
- Exploiting Heartbleed vulnerability
- Exploiting XSS with BeEF
- Exploiting a Blind SQLi
- Using SQLMap to get database information
- Performing a cross-site request forgery attack
- Executing commands with Shellshock
- Cracking password hashes with John the Ripper by using a dictionary
- Cracking password hashes by brute force using oclHashcat/cudaHashcat
- Chapter 8. Man in the Middle Attacks
- Introduction
- Setting up a spoofing attack with Ettercap
- Being the MITM and capturing traffic with Wireshark
- Modifying data between the server and the client
- Setting up an SSL MITM attack
- Obtaining SSL data with SSLsplit
- Performing DNS spoofing and redirecting traffic
- Chapter 9. Client-Side Attacks and Social Engineering
- Introduction
- Creating a password harvester with SET
- Using previously saved pages to create a phishing site
- Creating a reverse shell with Metasploit and capturing its connections
- Using Metasploit's browser_autopwn2 to attack a client
- Attacking with BeEF
- Tricking the user to go to our fake site
- Chapter 10. Mitigation of OWASP Top 10
- Introduction
- A1 – Preventing injection attacks
- A2 – Building proper authentication and session management
- A3 – Preventing cross-site scripting
- A4 – Preventing Insecure Direct Object References
- A5 – Basic security configuration guide
- A6 – Protecting sensitive data
- A7 – Ensuring function level access control
- A8 – Preventing CSRF
- A9 – Where to look for known vulnerabilities on third-party components
- A10 – Redirect validation
- Index

Updated: 2021-07-16 12:54:15