Web Penetration Testing with Kali Linux. Testing web security is best done through simulating an attack. Kali Linux lets you do this to professional standards and this is the book you need to be fully up-to-speed with this powerful open-source toolkit

(ebook) (audiobook) (audiobook)

Autorzy:: Joseph Muniz, Aamir Lakhani, Aamir Lakhani

+159 pkt

Web Penetration Testing with Kali Linux. Testing web security is best done through simulating an attack. Kali Linux lets you do this to professional standards and this is the book you need to be fully up-to-speed with this powerful open-source toolkit Joseph Muniz, Aamir Lakhani, Aamir Lakhani - okładka ebooka

Wydawnictwo:: Packt Publishing (Z chęcią przeczytam książkę w języku polskim)
Ocena:: Bądź pierwszym, który oceni tę książkę
Stron:: 342
Dostępne formaty:: PDF

ePub

Mobi

+159 pkt

Ebook

159,00 zł

Dodaj do koszyka lub Kup na prezent
Kup 1-kliknięciem

Przenieś na półkę

Do przechowalni

Najczęściej kupowane razem

Penetration Testing with Raspberry Pi. Construct a hacking arsenal for penetration testers or hacking enthusiasts using Kali Linux on a Raspberry Pi Joseph Muniz, Joseph Muniz, Aamir Lakhani

Kali Linux. Testy penetracyjne Joseph Muniz, Aamir Lakhani

Cena zestawu: 266,04 zł

Oszczędzasz: 46,95 zł ( 23% )

Dodaj do koszyka

Kali Linux is built for professional penetration testing and security auditing. It is the next-generation of BackTrack, the most popular open-source penetration toolkit in the world. Readers will learn how to think like real attackers, exploit systems, and expose vulnerabilities.

Even though web applications are developed in a very secure environment and have an intrusion detection system and firewall in place to detect and prevent any malicious activity, open ports are a pre-requisite for conducting online business. These ports serve as an open door for attackers to attack these applications. As a result, penetration testing becomes essential to test the integrity of web-applications. Web Penetration Testing with Kali Linux is a hands-on guide that will give you step-by-step methods on finding vulnerabilities and exploiting web applications.

Web Penetration Testing with Kali Linux looks at the aspects of web penetration testing from the mind of an attacker. It provides real-world, practical step-by-step instructions on how to perform web penetration testing exercises.

You will learn how to use network reconnaissance to pick your targets and gather information. Then, you will use server-side attacks to expose vulnerabilities in web servers and their applications. Client attacks will exploit the way end users use web applications and their workstations. You will also learn how to use open source tools to write reports and get tips on how to sell penetration tests and look out for common pitfalls.

On the completion of this book, you will have the skills needed to use Kali Linux for web penetration tests and expose vulnerabilities on web applications and clients that access them.

Wybrane bestsellery

O autorach ebooka

Joseph Muniz is a technical solutions architect and security researcher. He started his career in software development and later managed networks as a contracted technical resource. Joseph moved into consulting and found a passion for security while meeting with a variety of customers. He has been involved with the design and implementation of multiple projects ranging from Fortune 500 corporations to large federal networks.

Joseph runs TheSecurityBlogger.com website, a popular resources regarding security and product implementation. You can also find Joseph speaking at live events as well as involved with other publications. Recent events include speaker for Social Media Deception at the 2013 ASIS International conference, speaker for Eliminate Network Blind Spots with Data Center Security webinar, speaker for Making Bring Your Own Device (BYOD) Work at the Government Solutions Forum, Washington DC, and an article on Compromising Passwords in PenTest Magazine - Backtrack Compendium, July 2013.

Outside of work, he can be found behind turntables scratching classic vinyl or on the soccer pitch hacking away at the local club teams.

Aamir Lakhani is a leading cyber security architect, senior strategist, and researcher. He is responsible for providing IT security solutions to major commercial and federal enterprise organizations. Lakhani leads projects that implement security postures for Fortune 500 companies, government organizations, major healthcare providers, educational institutions, and financial and media organizations. Lakhani has designed offensive counter-defense measures, and has assisted organizations in defending themselves from active strike-back attacks perpetrated by underground cyber groups. Lakhani is considered an industry leader in support of detailed architectural engagements and projects on topics related to cyber defense, mobile application threats, malware, advanced persistent threat (APT) research, and Dark Security. Lakhani is the author and contributor of several books that include Web Penetration Testing with Kali Linux and XenMobile MDM, both by Packt Publishing, and he has appeared on National Public Radio as an expert on cyber security. Lakhani runs the blog DrChaos.com, which was ranked as a leading source for cyber security by FedTech Magazine. He has been named one of the top personalities to follow on social media, ranked highly as leader in his field, and he continues to dedicate his career to cyber security, research, and education.

Ebooka "Web Penetration Testing with Kali Linux. Testing web security is best done through simulating an attack. Kali Linux lets you do this to professional standards and this is the book you need to be fully up-to-speed with this powerful open-source toolkit" przeczytasz na:

czytnikach Inkbook, Kindle, Pocketbook, Onyx Boox i innych
systemach Windows, MacOS i innych

systemach Windows, Android, iOS, HarmonyOS
na dowolnych urządzeniach i aplikacjach obsługujących formaty: PDF, EPub, Mobi

Masz pytania? Zajrzyj do zakładki Pomoc »

Audiobooka "Web Penetration Testing with Kali Linux. Testing web security is best done through simulating an attack. Kali Linux lets you do this to professional standards and this is the book you need to be fully up-to-speed with this powerful open-source toolkit" posłuchasz:

w aplikacji Ebookpoint na Android, iOS, HarmonyOs
na systemach Windows, MacOS i innych

na dowolnych urządzeniach
i aplikacjach obsługujących format MP3
(pliki spakowane w ZIP)

Masz pytania? Zajrzyj do zakładki Pomoc »

Kurs Video "Web Penetration Testing with Kali Linux. Testing web security is best done through simulating an attack. Kali Linux lets you do this to professional standards and this is the book you need to be fully up-to-speed with this powerful open-source toolkit" zobaczysz:

Oceny i opinie klientów: Web Penetration Testing with Kali Linux. Testing web security is best done through simulating an attack. Kali Linux lets you do this to professional standards and this is the book you need to be fully up-to-speed with this powerful open-source toolkit Joseph Muniz, Aamir Lakhani, Aamir Lakhani (0) Weryfikacja opinii następuję na podstawie historii zamówień na koncie Użytkownika umieszczającego opinię. Użytkownik mógł otrzymać punkty za opublikowanie opinii uprawniające do uzyskania rabatu w ramach Programu Punktowego.

Szczegóły ebooka

Tytuł oryginału:: Web Penetration Testing with Kali Linux. Testing web security is best done through simulating an attack. Kali Linux lets you do this to professional standards and this is the book you need to be fully up-to-speed with this powerful open-source toolkit.
ISBN Ebooka:: 978-17-821-6317-6, 9781782163176
Data wydania ebooka:: 2013-09-25 Data wydania ebooka często jest dniem wprowadzenia tytułu do sprzedaży i może nie być równoznaczna z datą wydania książki papierowej. Dodatkowe informacje możesz znaleźć w darmowym fragmencie. Jeśli masz wątpliwości skontaktuj się z nami sklep@ebookpoint.pl.
Język publikacji:: angielski
Rozmiar pliku Pdf:: 19.6MB
Rozmiar pliku ePub:: 45.4MB
Rozmiar pliku Mobi:: 95.2MB

Kategorie

Kliknij, aby zgłosić błędnie przypisaną kategorię »

Informatyka » Systemy operacyjne » Linux

Spis treści ebooka

Web Penetration Testing with Kali Linux
- Table of Contents
- Web Penetration Testing with Kali Linux
- Credits
- About the Authors
- About the Reviewers
- www.PacktPub.com
  - Support files, eBooks, discount offers and more
    - Why Subscribe?
    - Free Access for Packt account holders
- Preface
  - What this book covers
  - What you need for this book
  - Who this book is for
  - Conventions
  - Reader feedback
  - Customer support
    - Errata
    - Piracy
    - Questions
- 1. Penetration Testing and Setup
  - Web application Penetration Testing concepts
  - Penetration Testing methodology
    - Calculating risk
  - Kali Penetration Testing concepts
    - Step 1 Reconnaissance
    - Step 2 Target evaluation
    - Step 3 Exploitation
    - Step 4 Privilege Escalation
    - Step 5 maintaining a foothold
  - Introducing Kali Linux
  - Kali system setup
    - Running Kali Linux from external media
    - Installing Kali Linux
    - Kali Linux and VM image first run
  - Kali toolset overview
  - Summary
- 2. Reconnaissance
  - Reconnaissance objectives
  - Initial research
    - Company website
    - Web history sources
    - Regional Internet Registries (RIRs)
    - Electronic Data Gathering, Analysis, and Retrieval (EDGAR)
    - Social media resources
    - Trust
    - Job postings
    - Location
    - Shodan
    - Google hacking
    - Google Hacking Database
    - Researching networks
      - HTTrack clone a website
      - ICMP Reconnaissance techniques
      - DNS Reconnaissance techniques
      - DNS target identification
      - Maltego Information Gathering graphs
    - Nmap
      - FOCA website metadata Reconnaissance
  - Summary
- 3. Server-side Attacks
  - Vulnerability assessment
    - Webshag
    - Skipfish
    - ProxyStrike
    - Vega
    - Owasp-Zap
    - Websploit
  - Exploitation
    - Metasploit
    - w3af
  - Exploiting e-mail systems
  - Brute-force attacks
    - Hydra
    - DirBuster
    - WebSlayer
  - Cracking passwords
    - John the Ripper
  - Man-in-the-middle
    - SSL strip
      - Starting the attack redirection
      - Setting up port redirection using Iptables
  - Summary
- 4. Client-side Attacks
  - Social engineering
  - Social Engineering Toolkit (SET)
    - Using SET to clone and attack
  - MitM Proxy
  - Host scanning
    - Host scanning with Nessus
      - Installing Nessus on Kali
      - Using Nessus
  - Obtaining and cracking user passwords
    - Windows passwords
      - Mounting Windows
      - Linux passwords
  - Kali password cracking tools
    - Johnny
    - hashcat and oclHashcat
    - samdump2
    - chntpw
    - Ophcrack
    - Crunch
  - Other tools available in Kali
    - Hash-identifier
    - dictstat
    - RainbowCrack (rcracki_mt)
    - findmyhash
    - phrasendrescher
    - CmosPwd
    - creddump
  - Summary
- 5. Attacking Authentication
  - Attacking session management
    - Clickjacking
  - Hijacking web session cookies
  - Web session tools
    - Firefox plugins
    - Firesheep Firefox plugin
    - Web Developer Firefox plugin
    - Greasemonkey Firefox plugin
    - Cookie Injector Firefox plugin
    - Cookies Manager+ Firefox plugin
    - Cookie Cadger
    - Wireshark
    - Hamster and Ferret
    - Man-in-the-middle attack
    - dsniff and arpspoof
    - Ettercap
    - Driftnet
  - SQL Injection
    - sqlmap
  - Cross-site scripting (XSS)
  - Testing cross-site scripting
  - XSS cookie stealing / Authentication hijacking
  - Other tools
    - urlsnarf
    - acccheck
    - hexinject
    - Patator
    - DBPwAudit
  - Summary
- 6. Web Attacks
  - Browser Exploitation Framework BeEF
  - FoxyProxy Firefox plugin
  - BURP Proxy
  - OWASP ZAP
  - SET password harvesting
  - Fimap
  - Denial of Services (DoS)
    - THC-SSL-DOS
    - Scapy
    - Slowloris
  - Low Orbit Ion Cannon
  - Other tools
    - DNSCHEF
    - SniffJoke
    - Siege
    - Inundator
    - TCPReplay
  - Summary
- 7. Defensive Countermeasures
  - Testing your defenses
    - Baseline security
    - STIG
    - Patch management
    - Password policies
  - Mirror your environment
    - HTTrack
    - Other cloning tools
  - Man-in-the-middle defense
    - SSL strip defense
  - Denial of Service defense
  - Cookie defense
  - Clickjacking defense
  - Digital forensics
    - Kali Forensics Boot
      - Filesystem analysis with Kali
    - dc3dd
    - Other forensics tools in Kali
      - chkrootkit
      - Autopsy
      - Binwalk
      - pdf-parser
      - Foremost
      - Pasco
      - Scalpel
      - bulk_extractor
  - Summary
- 8. Penetration Test Executive Report
  - Compliance
  - Industry standards
  - Professional services
  - Documentation
  - Report format
    - Cover page
    - Confidentiality statement
    - Document control
    - Timeline
    - Executive summary
    - Methodology
    - Detailed testing procedures
    - Summary of findings
    - Vulnerabilities
    - Network considerations and recommendations
    - Appendices
    - Glossary
  - Statement of Work (SOW)
    - External Penetration Testing
    - Additional SOW material
  - Kali reporting tools
    - Dradis
    - KeepNote
    - Maltego CaseFile
    - MagicTree
    - CutyCapt
    - Sample reports
  - Summary
- Index

pokaż cały spis treści