PacktLib: Web Penetration Testing with Kali Linux

Credits

About the Authors

About the Reviewers

www.PacktPub.com

Preface

Penetration Testing and Setup

Web application Penetration Testing concepts

Penetration Testing methodology

Kali Penetration Testing concepts

Introducing Kali Linux

Kali system setup

Kali toolset overview

Summary

Reconnaissance

Reconnaissance objectives

Initial research

Summary

Server-side Attacks

Vulnerability assessment

Exploitation

Exploiting e-mail systems

Brute-force attacks

Cracking passwords

Man-in-the-middle

Summary

Client-side Attacks

Social engineering

Social Engineering Toolkit (SET)

MitM Proxy

Host scanning

Obtaining and cracking user passwords

Kali password cracking tools

Other tools available in Kali

Summary

Attacking Authentication

Attacking session management

Hijacking web session cookies

Web session tools

SQL Injection

Cross-site scripting (XSS)

Testing cross-site scripting

XSS cookie stealing / Authentication hijacking

Other tools

Summary

Web Attacks

Browser Exploitation Framework – BeEF

FoxyProxy – Firefox plugin

BURP Proxy

OWASP – ZAP

SET password harvesting

Fimap

Denial of Services (DoS)

Low Orbit Ion Cannon

Other tools

Summary

Defensive Countermeasures

Testing your defenses

Mirror your environment

Man-in-the-middle defense

Denial of Service defense

Cookie defense

Clickjacking defense

Digital forensics

Summary

Penetration Test Executive Report

Compliance

Industry standards

Professional services

Documentation

Report format

Statement of Work (SOW)

Kali reporting tools

Summary

Index