Saturday 7 October 2017

Kali Linux Web Penetration Testing Cookbook Gilberto Nájera-Gutiérrez

Kali Linux Web Penetration Testing Cookbook, written by Gilberto Nájera-Gutiérrez, contains over 80 recipes on how to identify, exploit, and test web application security with Kali Linux 2.


Nowadays, information security is a hot topic all over the news and the Internet; we hear almost every day about web page defacements, data leaks of millions of user accounts and passwords or credit card numbers from websites, and identity theft on social networks; terms such as cyber attack, cybercrime, hacker, and even cyberwar are becoming a part of the daily lexicon in the media. All this exposure to information security subjects and the real need to protect sensitive data and their reputation have made organizations more aware of the need to know where their systems are vulnerable, especially the ones that are accessible to the world through the Internet: how they could be attacked, and what the consequences would be, in terms of information lost or system compromise, if an attack were successful. And more importantly, how to fix those vulnerabilities and minimize the risk.

This task of detecting vulnerabilities and discovering their impact on organizations is the one that is addressed through penetration testing. A penetration test is an attack or attacks made by a trained security professional who is using the same techniques and tools that real hackers use in order to discover all the possible weak spots in the organization's systems. These weak spots are exploited and their impact is measured. When the test is finished, the penetration tester reports all their findings and explains how they can be fixed to prevent future damage. In this book you will learn the whole path of a web application penetration test; easy-to-follow, step-by-step recipes show how the vulnerabilities in web applications and web servers can be discovered, exploited, and fixed.

What this book covers
Chapter 1, Setting Up Kali Linux, takes the reader through the process of configuring and updating the system; also, the installation of virtualization software is covered, including the configuration of the virtual machines that will comprise our penetration testing lab.

Chapter 2, Reconnaissance, enables the reader to put to practice some of the information gathering techniques in order to gain intelligence about the system to be tested, the software installed on it, and how the target web application is built.

Chapter 3, Crawlers and Spiders, shows the reader how to use these tools, which are a must in every analysis of a web application, be it a functional one or more security focused, such as a penetration test.

Chapter 4, Finding Vulnerabilities, explains that the core of a vulnerability analysis or a penetration test is to discover weak spots in the tested applications; recipes are focused on how to manually identify some of the most common vulnerabilities by introducing specific input values on applications' forms and analyzing their outputs.

Chapter 5, Automated Scanners, covers a very important aspect of the discovery of vulnerabilities, the use of tools specially designed to automatically find security flaws in web applications: automated vulnerability scanners.

Chapter 6, Exploitation – Low Hanging Fruits, is the first chapter where we go further than just identifying the existence of some vulnerability. Every recipe in this chapter is focused on exploiting a specific type of vulnerability and using that exploitation to extract sensitive information or gain a more privileged level of access to the application.

Chapter 7, Advanced Exploitation, follows the path of the previous chapter; here, the reader will have the opportunity to practice a more advanced and a more in-depth set of exploitation techniques for the most difficult situations and the most sophisticated setups.

Chapter 8, Man in the Middle Attacks. Although not specific to web applications, MITM attacks play a very important role in the modern information security scenario. In this chapter, we will see how these are performed and what an attacker can do to their victims through such techniques.

Chapter 9, Client-Side Attacks and Social Engineering, explains how it's constantly said that the user is the weakest link in the security chain, but traditionally, penetration testing assessments exclude client-side attacks and social engineering campaigns. It is the goal of this book to give the reader a global view on penetration testing and to encourage the execution of assessments that cover all the aspects of security; this is why in this chapter we show how users can be targeted by hackers through technological and social means.

Chapter 10, Mitigation of OWASP Top 10, shows that organizations hire penetration testers to attack their servers and applications with the goal of knowing what's wrong, in order to know what they should fix and how. This chapter covers that face of penetration testing by giving simple and direct guidelines on what to do to fix and prevent the most critical web application vulnerabilities according to OWASP (Open Web Application Security Project).

Who this book is for
We tried to make this book with many kinds of reader in mind. First, computer science students, developers, and systems administrators that want to go one step further in their knowledge about information security or want to pursue a career in the field will find here some very easy-to-follow recipes that will allow them to perform their first penetration test in their own testing laboratory and will also give them the basis and tools to continue practicing and learning. Application developers and systems administrators will also learn how attackers behave in the real world, what steps can be followed to build more secure applications and systems, and how to detect malicious behavior. Finally, seasoned security professionals will find some intermediate and advanced exploitation techniques and ideas on how to combine two or more vulnerabilities in order to perform a more sophisticated attack.

