Table of Contents

Acknowledgments

Family and Friends

Security Community

Scott White—Technical Reviewer

About This Book

A Hands-On Approach

What's in This Book?

A Quick Disclaimer

Chapter 1. The Basics of Web Hacking

Chapter Rundown:

What Is a Web Application?

What You Need to Know About Web Servers

What You Need to Know About HTTP

The Basics of Web Hacking: Our Approach

Web Apps Touch Every Part of IT

Existing Methodologies

Most Common Web Vulnerabilities

Setting Up a Test Environment

Chapter 2. Web Server Hacking

Chapter Rundown:

Vulnerability Scanning

Maintaining Access

Chapter 3. Web Application Recon and Scanning

Chapter Rundown:

Web Application Recon

Web Application Scanning

Chapter 4. Web Application Exploitation with Injection

Chapter Rundown:

SQL Injection Vulnerabilities

SQL Injection Attacks

Operating System Command Injection Vulnerabilities

Operating System Command Injection Attacks

Chapter 5. Web Application Exploitation with Broken Authentication and Path Traversal

Chapter Rundown:

Authentication and Session Vulnerabilities

Path Traversal Vulnerabilities

Brute Force Authentication Attacks

Session Attacks

Path Traversal Attacks

Chapter 6. Web User Hacking

Chapter Rundown:

Cross-Site Scripting (XSS) Vulnerabilities

Cross-Site Request Forgery (CSRF) Vulnerabilities

Technical Social Engineering Vulnerabilities

Web User Scanning

Web User Exploitation

Cross-Site Scripting (XSS) Attacks

Reflected XSS Attacks

Stored XSS Attacks

Cross-Site Request Forgery (CSRF) Attacks

User Attack Frameworks

Chapter 7. Fixes

Chapter Rundown:

Web Server Fixes

Web Application Fixes

Chapter 8. Next Steps

Chapter Rundown:

Security Community Groups and Events

Formal Education

Additional Books