Web Penetration Testing with Kali Linux - Second Edition
Availability: Usually ships in 24 hours
Ships from and sold by Amazon.com
Build your defense against web attacks with Kali Linux 2.0
If you are already working as a network penetration tester and want to expand your knowledge of web application hacking, then this book tailored for you. Those who are interested in learning more about the Kali Sana tools that are used to test web applications will find this book a thoroughly useful and interesting guide.
Kali Linux 2.0 is the new generation of the industry-leading BackTrack Linux penetration testing and security auditing Linux distribution. It contains several hundred tools aimed at various information security tasks such as penetration testing, forensics, and reverse engineering.
At the beginning of the book, you will be introduced to the concepts of hacking and penetration testing and will get to know about the tools used in Kali Linux 2.0 that relate to web application hacking. Then, you will gain a deep understanding of SQL and command injection flaws and ways to exploit the flaws. Moving on, you will get to know more about scripting and input validation flaws, AJAX, and the security issues related to AJAX.
At the end of the book, you will use an automated technique called fuzzing to be able to identify flaws in a web application. Finally, you will understand the web application vulnerabilities and the ways in which they can be exploited using the tools in Kali Linux 2.0.
This step-by-step guide covers each topic with detailed practical examples. Every concept is explained with the help of illustrations using the tools available in Kali Linux 2.0.
About the Author
Juned Ahmed Ansari
Juned Ahmed Ansari (@junedlive) is a cyber security researcher based out of Mumbai. He currently leads the penetration testing and offensive security team of a large MNC. Juned has worked as a consultant for large private sector enterprises, guiding them on their cyber security program. He has also worked with start-ups, helping them make their final product secure. Juned has conducted several training sessions on advanced penetration testing, focused on teaching students stealth, and evasion techniques in highly secure environments. His primary focus areas are penetration testing, threat intelligence, and application security research. He holds leading security certifications such as GXPN, CISSP, CCSK, and CISA. Juned enjoys contributing to public groups and forums and occasionally blogs at https://securebits.in.
Most helpful customer reviews
1 of 2 people found the following review helpful.
By Perry Nally
Great read. If you are new to either web penetration testing or kali linux, you'll learn a ton of very useful tools and techniques on how to determine hack-ability of a website. If you're not new to this, you'll be able to use this book as a great reference. YOu get tons of info and how-to's for each vulnerability. You get right to the nitty-gritty. The author attempt to help you get into the mind set of a person who would hack your site which helps to determine the various attack vectors. There were a few vectors mentioned that I did not think of, including some very useful shortcuts along the way. You could never really say this type of book is ever really "complete", but this is the most complete book I've read on the subject to date. Highly recommend it if you are on the fence.
0 of 1 people found the following review helpful.
This book is very worthwhile.
I liked this book because the author gives a good immersion on the theme, he introduces about the ecosystem of web applications, the needs of security, the structure, major flaws and the possible attackers. The steps to execute the penetration test are crucial and he presented the points that you need to carry on, exploring the flaws with the possible doors and the best tools. Security technology is an activity where you can never stop, you have to have caution and your team prepared to solve the flaws fast as possible.
This book makes me understand what I need to do, what is more important, this subject is so dynamic that you never feel totally comfortable to deal with, but now I can see what an efficient pen test is like. So this book delivers what it promises and I would recommend for anyone who work or are interested on this topic, this book is very worthwhile.
2 of 3 people found the following review helpful.
Absolutely not worth the price tag
By Amazon Customer
The examples used in the book were extremely trivial and did not offer a lot of real insight into anything especially for the price tag. Save yourself the money and visit the OWASP site and their free documentation.
Manage research, learning and skills at defaultLogic. Create an account using LinkedIn or facebook to manage and organize your IT knowledge. defaultLogic works like a shopping cart for information -- helping you to save, discuss and share.