Build your defense against web attacks with Kali Linux 2017.3, including command injection flaws, crypto implementation layers, and web application security holes

Key Features

- How to set up your lab with Kali Linux 2017.3
- The core concepts of web penetration testing
- The tools and techniques you need with Kali Linux

Book Description

The 3rd edition of Web Penetration Testing with Kali Linux shows you how to set up a lab and understand the nature and mechanics of attacking websites, and explains classical attacks in great depth. This edition is heavily updated, taking the latest Kali Linux changes to 2017.3 and the most recent attacks into account. Kali Linux shines when it comes to client-side attacks and fuzzing in particular, which is covered in depth towards the end of the book.

From the start of the book, you'll be given a thorough grounding in the concepts of hacking and penetration testing itself, and you'll get to know about the tools used in Kali Linux that relate to web application hacking. Then, you will gain a deep understanding of classical SQL and command injection flaws and, of course, the many ways to exploit these flaws. Web penetration testing also needs a general account of client-side attacks, which is rounded out by a long discussion of scripting and input validation flaws.

There is also a rather important chapter on cryptographic implementation flaws, where the most recent problems with cryptographic layers in the networking stack are discussed. The importance of these attacks cannot be overstated, and so the defenses against them are relevant for most Internet users and, of course, penetration testers.

By the end of the book, you will use an automated technique, called fuzzing, to be able to identify flaws in a web application.
Finally, you will understand the web application vulnerabilities and the ways in which they can be exploited using the tools in Kali Linux.

What you will learn

- How to set up your lab with Kali Linux 2017.3
- The core concepts of web penetration testing
- The tools and techniques you need with Kali Linux
- Identify the difference between hacking a web application and network hacking
- Expose vulnerabilities present in web servers and their applications using server-side attacks
- Understand the different techniques used to identify the flavor of web applications
- Standard attacks like exploiting cross-site request forgery and cross-site scripting flaws
- Teaches the art of client-side attacks
- Automated attacks like fuzzing web applications

Who This Book Is For

Since this book sets out to cover a large number of tools and security fields, it can work as an introduction to practical security skills for beginners in security. In addition, web programmers and system administrators would profit from this rigorous introduction to web penetration testing. Basic system administration skills are necessary, and the ability to read code is a must.

About the Author

Gilberto Najera-Gutierrez leads the Security Testing Team (STT) at Sm4rt Security Services, one of the top security firms in Mexico.

He is also an Offensive Security Certified Professional (OSCP), and EC Council Certified Security Administrator (ECSA), and holds a master’s degree in computer science with specialization in artificial intelligence.

He has been working as a Penetration Tester since 2013 and has been a security enthusiast since high school. He has been conducting penetration tests on networks and applications of some of the biggest corporations in Mexico, such as government agencies and financial institutions.
Author: Gilberto Najera-Gutierrez