Title | Kali Linux Web Penetration Testing (3rd Edition, English reprint) |
Category | Computers - Operating Systems |
Author | Gilberto Najera-Gutierrez (Australia) |
Publisher | Southeast University Press |
Description | About the book: This book shows how to set up a lab, helps you understand the nature and mechanics of attacks on websites, and explains the classic attack methods in depth. The third edition has been substantially updated for the latest changes in Kali Linux and for recent web attacks. Kali Linux is particularly strong for client-side attacks, especially fuzzing. The book opens with a complete introduction to the concepts of hacking and penetration testing, and introduces the tools in Kali Linux that are used for web application attacks. You will gain a thorough understanding of typical SQL and command injection flaws and of several ways to exploit them. Web penetration testing also requires a general understanding of client-side attacks, which is covered by an extended discussion of scripting and input-validation flaws. A particularly important chapter covers flaws in cryptographic implementations, discussing the latest issues in the encryption layer of the network stack. The severity of these attacks should not be underestimated, and defending against them matters to most internet users, penetration testers included. Towards the end of the book you will use an automated technique called fuzzing to identify flaws in web applications. By the end, you will understand web application vulnerabilities and how to exploit them with the tools in Kali Linux.
About the author: Gilberto Najera-Gutierrez is an experienced penetration tester currently working for one of the top security testing service providers in Australia. He holds leading security and penetration testing certifications, namely Offensive Security Certified Professional (OSCP), EC-Council Certified Security Administrator (ECSA), and GIAC Exploit Researcher and Advanced Penetration Tester (GXPN); he also holds a Master's degree in Computer Science with a specialization in Artificial Intelligence. Gilberto has been working as a penetration tester since 2013 and has been a security enthusiast for almost 20 years. He has successfully conducted penetration tests on the networks and applications of some of the biggest corporations, government agencies, and financial institutions in Mexico and Australia. |
Contents |
Preface
Chapter 1: Introduction to Penetration Testing and Web Applications
  Proactive security testing
    Different testing methodologies: Ethical hacking; Penetration testing; Vulnerability assessment; Security audits
  Considerations when performing penetration testing
    Rules of Engagement: The type and scope of testing; Client contact details; Client IT team notifications; Sensitive data handling; Status meeting and reports
    The limitations of penetration testing
    The need for testing web applications
    Reasons to guard against attacks on web applications
  Kali Linux
  A web application overview for penetration testers
    HTTP protocol
      Knowing an HTTP request and response: The request header; The response header
      HTTP methods: The GET method; The POST method; The HEAD method; The TRACE method; The PUT and DELETE methods; The OPTIONS method
    Keeping sessions in HTTP
      Cookies: Cookie flow between server and client; Persistent and nonpersistent cookies; Cookie parameters
    HTML data in HTTP response
      The server-side code
      Multilayer web application: Three-layer web application design
    Web services: Introducing SOAP and REST web services; HTTP methods in web services; XML and JSON
    AJAX: Building blocks of AJAX; The AJAX workflow
    HTML5
    WebSockets
  Summary
Chapter 2: Setting Up Your Lab with Kali Linux
  Kali Linux
    Latest improvements in Kali Linux
    Installing Kali Linux
      Virtualizing Kali Linux versus installing it on physical hardware
      Installing on VirtualBox: Creating the virtual machine; Installing the system
  Important tools in Kali Linux
    CMS & Framework Identification: WPScan; JoomScan; CMSmap
    Web Application Proxies
      Burp Proxy: Customizing client interception; Modifying requests on the fly; Burp Proxy with HTTPS websites
      Zed Attack Proxy
      ProxyStrike
    Web Crawlers and Directory Bruteforce
Chapter 3: Reconnaissance and Profiling the Web Server
  Reconnaissance
Chapter 4: Authentication and Session Management Flaws
  Authentication schemes in web applications
Chapter 5: Detecting and Exploiting Injection-Based Flaws
  Command injection
Chapter 6: Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities
Chapter 7: Cross-Site Request Forgery, Identification, and Exploitation
Chapter 8: Attacking Flaws in Cryptographic Implementations
Chapter 9: AJAX, HTML5, and Client-Side Attacks
  Crawling AJAX applications
Chapter 10: Other Common Security Flaws in Web Applications
  Insecure direct object references
Chapter 11: Using Automated Scanners on Web Applications
  Considerations before using an automated scanner
  Web application vulnerability scanners in Kali Linux
Index |