
Discover the most common web vulnerabilities and prevent them from becoming a threat to your site's security

Key Features

- Familiarize yourself with the most common web vulnerabilities
- Conduct a preliminary assessment of attack surfaces and run exploits in your lab
- Explore new tools in the Kali Linux ecosystem for web penetration testing

Book Description

Web applications are a huge point of attack for malicious hackers and a critical area for security professionals and penetration testers to lock down and secure. Kali Linux is a Linux-based penetration testing platform that provides a huge array of testing tools, many of which can be used to execute web penetration testing.

Starting from the setup of a testing laboratory, this book will give you the skills you need to cover every stage of a penetration test: from gathering information about the system and the application, to identifying vulnerabilities through manual testing and the use of vulnerability scanners, to both basic and advanced exploitation techniques that may lead to a full system compromise. You will explore the latest features of Burp Suite and perform a wide range of tasks using Burp Suite's Intruder. Next, you will be able to use automated scanners to find security flaws in web applications and also understand how to bypass basic security controls. Finally, you will be able to put this into the context of OWASP and the top 10 web application vulnerabilities you are most likely to encounter, equipping you with the ability to combat them effectively.

By the end of the book, you will have the required skills to identify, exploit, and prevent web application vulnerabilities.

What You Will Learn

- Set up a penetration testing laboratory in a secure way
- Use proxies, crawlers, and spiders to investigate an entire website in minutes
- Identify cross-site scripting and client-side vulnerabilities
- Exploit vulnerabilities that require complex setups and run custom-made exploits
- Discover and exploit vulnerabilities that allow you to inject code into web applications
- Improve your testing efficiency with the use of automated vulnerability scanners
- Learn to circumvent some security controls put in place to prevent attacks

Who This Book Is For

This book is for IT professionals, web developers, security enthusiasts, and security professionals who want an accessible reference on how to find, exploit, and prevent security vulnerabilities in web applications. You should know the basics of operating a Linux environment and have some exposure to security technologies and tools.

Author: Gilberto Najera-Gutierrez