Mastering Kali Linux for Web Penetration Testing
The ultimate defense against complex organized threats and attacks
Published on 8. July 2025
338 pages
978-1-78439-621-3 (ISBN)
Description
Master the art of exploiting advanced web penetration techniques with Kali Linux 2016.2
Key Features
-Make the most out of advanced web pen-testing techniques using Kali Linux 2016.2
-Explore how Stored (a.k.a. Persistent) XSS attacks work and how to take advantage of them
-Learn to secure your application by performing advanced web based attacks.
-Bypass internet security to traverse from the web to a private network.
Book DescriptionYou will start by delving into some common web application architectures in use, both in private and public cloud instances. You will also learn about the most common frameworks for testing, such as OWASP OGT version 4, and how to use them to guide your efforts. In the next section, you will be introduced to web pentesting with core tools and you will also see how to make web applications more secure through rigorous penetration tests using advanced features in open source tools. The book will then show you how to better hone your web pentesting skills in safe environments that can ensure low-risk experimentation with the powerful tools and features in Kali Linux that go beyond a typical script-kiddie approach. After establishing how to test these powerful tools safely, you will understand how to better identify vulnerabilities, position and deploy exploits, compromise authentication and authorization, and test the resilience and exposure applications possess. By the end of this book, you will be well-versed with the web service architecture to identify and evade various protection mechanisms that are used on the Web today. You will leave this book with a greater mastery of essential test techniques needed to verify the secure design, development, and operation of your customers' web applications. What you will learn
Establish a fully-featured sandbox for test rehearsal and risk-free investigation of applications
Enlist open-source information to get a head-start on enumerating account credentials, mapping potential dependencies, and discovering unintended backdoors and exposed information
Map, scan, and spider web applications using nmap/zenmap, nikto, arachni, webscarab, w3af, and NetCat for more accurate characterization
Proxy web transactions through tools such as Burp Suite, OWASP s ZAP tool, and Vega to uncover application weaknesses and manipulate responses
Deploy SQL injection, cross-site scripting, Java vulnerabilities, and overflow attacks using Burp Suite, websploit, and SQLMap to test application robustness
Evaluate and test identity, authentication, and authorization schemes and sniff out weak cryptography before the black hats do
Who this book is forThis book targets IT pen testers, security consultants, and ethical hackers who want to expand their knowledge and gain expertise on advanced web penetration techniques. Prior knowledge of penetration testing would be beneficial.
Key Features
-Make the most out of advanced web pen-testing techniques using Kali Linux 2016.2
-Explore how Stored (a.k.a. Persistent) XSS attacks work and how to take advantage of them
-Learn to secure your application by performing advanced web based attacks.
-Bypass internet security to traverse from the web to a private network.
Book DescriptionYou will start by delving into some common web application architectures in use, both in private and public cloud instances. You will also learn about the most common frameworks for testing, such as OWASP OGT version 4, and how to use them to guide your efforts. In the next section, you will be introduced to web pentesting with core tools and you will also see how to make web applications more secure through rigorous penetration tests using advanced features in open source tools. The book will then show you how to better hone your web pentesting skills in safe environments that can ensure low-risk experimentation with the powerful tools and features in Kali Linux that go beyond a typical script-kiddie approach. After establishing how to test these powerful tools safely, you will understand how to better identify vulnerabilities, position and deploy exploits, compromise authentication and authorization, and test the resilience and exposure applications possess. By the end of this book, you will be well-versed with the web service architecture to identify and evade various protection mechanisms that are used on the Web today. You will leave this book with a greater mastery of essential test techniques needed to verify the secure design, development, and operation of your customers' web applications. What you will learn
Establish a fully-featured sandbox for test rehearsal and risk-free investigation of applications
Enlist open-source information to get a head-start on enumerating account credentials, mapping potential dependencies, and discovering unintended backdoors and exposed information
Map, scan, and spider web applications using nmap/zenmap, nikto, arachni, webscarab, w3af, and NetCat for more accurate characterization
Proxy web transactions through tools such as Burp Suite, OWASP s ZAP tool, and Vega to uncover application weaknesses and manipulate responses
Deploy SQL injection, cross-site scripting, Java vulnerabilities, and overflow attacks using Burp Suite, websploit, and SQLMap to test application robustness
Evaluate and test identity, authentication, and authorization schemes and sniff out weak cryptography before the black hats do
Who this book is forThis book targets IT pen testers, security consultants, and ethical hackers who want to expand their knowledge and gain expertise on advanced web penetration techniques. Prior knowledge of penetration testing would be beneficial.
All prices
More details
Edition
Digital original
Language
English
Place of publication
Birmingham
United Kingdom
Target group
US School Grade: College Graduate Student
Edition type
Digital original
File size
33,83 MB
ISBN-13
978-1-78439-621-3 (9781784396213)
Copyright in bibliographic data and cover images is held by Nielsen Book Services Limited or by the publishers or by their respective licensors: all rights reserved.
Schweitzer Classification
Other editions
Additional editions
Michael Mcphee
Mastering Kali Linux for Web Penetration Testing
Book
06/2017
Packt Publishing
€63.40
Shipment within 3-4 weeks
Person
McPhee Michael :
Michael McPhee is a systems engineer at Cisco in New York, where he has worked for the last 4 years and has focused on cyber security, switching, and routing. Mikes current role sees him consulting on security and network infrastructures, and he frequently runs clinics and delivers training to help get his customers up to speed. Suffering from a learning addiction, Mike has obtained the following certifications along the way: CEH, CCIE R&S, CCIE Security, CCIP, CCDP, ITILv3, and the Cisco Security White Belt. He is currently working on his VCP6-DV certification, following his kids to soccer games and tournaments, traveling with his wife and kids to as many places as possible, and scouting out his future all-grain beer home brewing rig. He also spends considerable time breaking his home network (for science!), much to the family's dismay. Prior to joining Cisco, Mike spent 6 years in the U.S. Navy and another 10 working on communications systems as a systems engineer and architect for defense contractors, where he helped propose, design, and develop secure command and control networks and electronic warfare systems for the US DoD and NATO allies. Prior publication: Penetration Testing with the Raspberry Pi Second Edition (with Jason Beltrame), Packt Publishing, November 2016.
Michael McPhee is a systems engineer at Cisco in New York, where he has worked for the last 4 years and has focused on cyber security, switching, and routing. Mikes current role sees him consulting on security and network infrastructures, and he frequently runs clinics and delivers training to help get his customers up to speed. Suffering from a learning addiction, Mike has obtained the following certifications along the way: CEH, CCIE R&S, CCIE Security, CCIP, CCDP, ITILv3, and the Cisco Security White Belt. He is currently working on his VCP6-DV certification, following his kids to soccer games and tournaments, traveling with his wife and kids to as many places as possible, and scouting out his future all-grain beer home brewing rig. He also spends considerable time breaking his home network (for science!), much to the family's dismay. Prior to joining Cisco, Mike spent 6 years in the U.S. Navy and another 10 working on communications systems as a systems engineer and architect for defense contractors, where he helped propose, design, and develop secure command and control networks and electronic warfare systems for the US DoD and NATO allies. Prior publication: Penetration Testing with the Raspberry Pi Second Edition (with Jason Beltrame), Packt Publishing, November 2016.
Content
Table of Contents
Common Web Applications and Architectures
Guidelines for Preparation and Testing
Stalking Prey Through Target Recon
Scanning for Vulnerabilities with Arachni
Proxy Operations with OWASP ZAP and Burp Suite
Infiltrating Sessions via Cross-Site Scripting
Injection and Overflow Testing
Exploiting Trust Through Cryptography Testing
Stress Testing Authentication and Session Management
Launching Client-Side Attacks
Breaking the Application Logic
Educating the Customer and Finishing Up
Common Web Applications and Architectures
Guidelines for Preparation and Testing
Stalking Prey Through Target Recon
Scanning for Vulnerabilities with Arachni
Proxy Operations with OWASP ZAP and Burp Suite
Infiltrating Sessions via Cross-Site Scripting
Injection and Overflow Testing
Exploiting Trust Through Cryptography Testing
Stress Testing Authentication and Session Management
Launching Client-Side Attacks
Breaking the Application Logic
Educating the Customer and Finishing Up
