Web Penetration Testing with Kali Linux (Kali Linux 網頁滲透測試)

Joseph Muniz, Aamir Lakhani

相關主題

商品描述

Testing web security is best done through simulating an attack. Kali Linux lets you do this to professional standards and this is the book you need to be fully up-to-speed with this powerful open-source toolkit.

Overview

  • Learn key reconnaissance concepts needed as a penetration tester
  • Attack and exploit key features, authentication, and sessions on web applications
  • Learn how to protect systems, write reports, and sell web penetration testing services

In Detail

Kali Linux is built for professional penetration testing and security auditing. It is the next-generation of BackTrack, the most popular open-source penetration toolkit in the world. Readers will learn how to think like real attackers, exploit systems, and expose vulnerabilities.

Even though web applications are developed in a very secure environment and have an intrusion detection system and firewall in place to detect and prevent any malicious activity, open ports are a pre-requisite for conducting online business. These ports serve as an open door for attackers to attack these applications. As a result, penetration testing becomes essential to test the integrity of web-applications. Web Penetration Testing with Kali Linux is a hands-on guide that will give you step-by-step methods on finding vulnerabilities and exploiting web applications.

"Web Penetration Testing with Kali Linux" looks at the aspects of web penetration testing from the mind of an attacker. It provides real-world, practical step-by-step instructions on how to perform web penetration testing exercises.

You will learn how to use network reconnaissance to pick your targets and gather information. Then, you will use server-side attacks to expose vulnerabilities in web servers and their applications. Client attacks will exploit the way end users use web applications and their workstations. You will also learn how to use open source tools to write reports and get tips on how to sell penetration tests and look out for common pitfalls.

On the completion of this book, you will have the skills needed to use Kali Linux for web penetration tests and expose vulnerabilities on web applications and clients that access them.

What you will learn from this book

  • Perform vulnerability reconnaissance to gather information on your targets
  • Expose server vulnerabilities and take advantage of them to gain privileged access
  • Exploit client-based systems using web application protocols
  • Learn how to use SQL and cross-site scripting (XSS) attacks
  • Steal authentications through session hijacking techniques
  • Harden systems so other attackers do not exploit them easily
  • Generate reports for penetration testers
  • Learn tips and trade secrets from real world penetration testers

Approach

"Web Penetration Testing with Kali Linux" contains various penetration testing methods using BackTrack that will be used by the reader. It contains clear step-by-step instructions with lot of screenshots. It is written in an easy to understand language which will further simplify the understanding for the user.

商品描述(中文翻譯)

測試網路安全最好的方法是透過模擬攻擊。Kali Linux讓您以專業標準進行測試,而這本書將使您完全掌握這個功能強大的開源工具包。

概述:
- 學習作為滲透測試人員所需的關鍵偵察概念
- 攻擊和利用網路應用程式的關鍵功能、驗證和會話
- 學習如何保護系統、撰寫報告並銷售網路滲透測試服務

詳細內容:
Kali Linux是專為專業滲透測試和安全審計而建立的。它是BackTrack的下一代,也是全球最受歡迎的開源滲透工具包。讀者將學習如何像真正的攻擊者一樣思考,利用系統並揭示漏洞。

儘管網路應用程式是在非常安全的環境中開發的,並且配備了入侵檢測系統和防火牆以檢測和防止任何惡意活動,但開放的埠口是進行線上業務的先決條件。這些埠口為攻擊者提供了攻擊這些應用程式的開放之門。因此,滲透測試對於測試網路應用程式的完整性至關重要。《使用Kali Linux進行網路滲透測試》是一本實用指南,將逐步介紹如何發現漏洞並利用網路應用程式。

《使用Kali Linux進行網路滲透測試》從攻擊者的角度探討網路滲透測試的各個方面。它提供了實際的、實用的逐步指示,教您如何進行網路滲透測試。

您將學習如何使用網路偵察來選擇目標並收集資訊。然後,您將利用伺服器端攻擊揭示網路伺服器及其應用程式的漏洞。客戶端攻擊將利用最終使用者使用網路應用程式和工作站的方式。您還將學習如何使用開源工具撰寫報告,並獲得有關如何銷售滲透測試和注意常見陷阱的提示。

完成本書後,您將具備使用Kali Linux進行網路滲透測試並揭示網路應用程式和訪問它們的客戶端的漏洞所需的技能。

從本書中您將學到:
- 進行漏洞偵察以收集有關目標的資訊
- 揭示伺服器漏洞並利用它們以獲得特權訪問權限
- 利用網路應用程式協議對基於客戶端的系統進行攻擊
- 學習如何使用SQL和跨站腳本(XSS)攻擊
- 通過會話劫持技術竊取驗證資訊
- 強化系統以防止其他攻擊者輕易利用
- 為滲透測試人員生成報告
- 從真實世界的滲透測試人員中學習技巧和秘訣

方法:
《使用Kali Linux進行網路滲透測試》包含使用BackTrack的各種滲透測試方法,讀者將使用這些方法。它提供了清晰的逐步指示和大量的截圖。書中使用易於理解的語言,進一步簡化了讀者的理解。