更新时间:2021-06-24 18:45:57
coverpage
Title Page
Dedication
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the authors
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Introduction to Penetration Testing and Web Applications
Proactive security testing
Different testing methodologies
Ethical hacking
Penetration testing
Vulnerability assessment
Security audits
Considerations when performing penetration testing
Rules of Engagement
The type and scope of testing
Client contact details
Client IT team notifications
Sensitive data handling
Status meeting and reports
The limitations of penetration testing
The need for testing web applications
Reasons to guard against attacks on web applications
Kali Linux
A web application overview for penetration testers
HTTP protocol
Knowing an HTTP request and response
The request header
The response header
HTTP methods
The GET method
The POST method
The HEAD method
The TRACE method
The PUT and DELETE methods
The OPTIONS method
Keeping sessions in HTTP
Cookies
Cookie flow between server and client
Persistent and nonpersistent cookies
Cookie parameters
HTML data in HTTP response
The server-side code
Multilayer web application
Three-layer web application design
Web services
Introducing SOAP and REST web services
HTTP methods in web services
XML and JSON
AJAX
Building blocks of AJAX
The AJAX workflow
HTML5
WebSockets
Summary
Setting Up Your Lab with Kali Linux
Latest improvements in Kali Linux
Installing Kali Linux
Virtualizing Kali Linux versus installing it on physical hardware
Installing on VirtualBox
Creating the virtual machine
Installing the system
Important tools in Kali Linux
CMS & Framework Identification
WPScan
JoomScan
CMSmap
Web Application Proxies
Burp Proxy
Customizing client interception
Modifying requests on the fly
Burp Proxy with HTTPS websites
Zed Attack Proxy
ProxyStrike
Web Crawlers and Directory Bruteforce
DIRB
DirBuster
Uniscan
Web Vulnerability Scanners
Nikto
w3af
Skipfish
Other tools
OpenVAS
Database exploitation
Web application fuzzers
