Kali Linux Web Penetration Testing Cookbook

Authors: Najera-Gutierrez, Gilberto
Publisher: Packt Publishing - ebooks Account
Tags: reference
Date: 2018-08-31T00:00:00+00:00
Size: 20.84 MB
Lang: en

Discover the most common web vulnerabilities and prevent them from becoming a threat to your site's security

Key Features

- Familiarize yourself with the most common web vulnerabilities
- Conduct a preliminary assessment of attack surfaces and run exploits in your lab
- Explore new tools in the Kali Linux ecosystem for web penetration testing

Book Description

Web applications are a huge point of attack for malicious hackers and a critical area for security professionals and penetration testers to lock down and secure. Kali Linux is a Linux-based penetration testing platform that provides a huge array of testing tools, many of which can be used to execute web penetration testing.

Starting from the setup of a testing laboratory, this book will give you the skills you need to cover every stage of a penetration test: from gathering information about the system and the application, to identifying vulnerabilities through manual testing and the use of vulnerability scanners, to both basic and advanced exploitation techniques that may lead to a full system compromise. You will explore the latest features of Burp Suite and perform a wide range of tasks using Burp Suite's Intruder. Next, you will be able to use automated scanners to find security flaws in web applications and also understand how to bypass basic security controls. Finally, you will be able to put this into the context of OWASP and the top 10 web application vulnerabilities you are most likely to encounter, equipping you with the ability to combat them effectively. By the end of the book, you will have the required skills to identify, exploit, and prevent web application vulnerabilities.

What You Will Learn

- Set up a penetration testing laboratory in a secure way
- Use proxies, crawlers, and spiders to investigate an entire website in minutes
- Identify cross-site scripting and client-side vulnerabilities
- Exploit vulnerabilities that require complex setups and run custom-made exploits
- Discover and exploit vulnerabilities that allow you to inject code into web applications
- Improve your testing efficiency with the use of automated vulnerability scanners
- Learn to circumvent some security controls put in place to prevent attacks

Who This Book Is For

This book is for IT professionals, web developers, security enthusiasts, and security professionals who want an accessible reference on how to find, exploit, and prevent security vulnerabilities in web applications. You should know the basics of operating a Linux environment and have some exposure to security technologies and tools.

About the Author

Gilberto Najera-Gutierrez is an experienced penetration tester currently working for one of the top security testing service providers in Australia. He obtained leading security and penetration testing certifications, namely Offensive Security Certified Professional (OSCP), EC-Council Certified Security Administrator (ECSA), and GIAC Exploit Researcher and Advanced Penetration Tester (GXPN); he also holds a Master's degree in Computer Science with specialization in Artificial Intelligence.

Gilberto has been working as a penetration tester since 2013, and he has been a security enthusiast for almost 20 years. He has successfully conducted penetration tests on networks and applications of some of the biggest corporations, government agencies, and financial institutions in Mexico and Australia.