Practical Web Penetration Testing: Secure Web Applications Using Burp Suite, Nmap, Metasploit, and More

✍ Scribed by Gus Khawaja


Year: 2018
Language: English
Pages: 429
Category: Library


✦ Synopsis


Learn how to execute web application penetration testing end-to-end.

Key Features
Build an end-to-end threat model landscape for web application security
Learn both web application vulnerabilities and web intrusion testing
Associate network vulnerabilities with a web application infrastructure

Book Description
Companies all over the world want to hire professionals dedicated to application security. Practical Web Penetration Testing focuses on this very trend, teaching you how to conduct application security testing using real-life scenarios.

To start with, you'll set up an environment to perform web application penetration testing. You will then explore different penetration testing concepts such as threat modeling, intrusion tests, infrastructure security threats, and more, in combination with advanced concepts such as Python scripting for automation. Once you are done learning the basics, you will discover the end-to-end implementation of tools such as Metasploit, Burp Suite, and Kali Linux.

Many companies deliver projects into production using either the Agile or the Waterfall methodology. This book shows you how to assist any company with its SDLC approach and helps you on your journey to becoming an application security specialist. By the end of this book, you will have hands-on knowledge of using different tools for penetration testing.

What you will learn
Learn how to use Burp Suite effectively
Use Nmap, Metasploit, and other tools for network infrastructure tests
Practice using all web application hacking tools for intrusion tests using Kali Linux
Learn how to analyze a web application using application threat modeling
Know how to conduct web intrusion tests
Understand how to execute network infrastructure tests
Master automation of penetration testing functions for maximum efficiency using Python

Who this book is for
Practical Web Penetration Testing is for you if you are a security professional, penetration tester, or stakeholder who wants to execute penetration testing using the latest and most popular tools. Basic knowledge of ethical hacking would be an added advantage.

✦ Table of Contents


Title Page
Copyright and Credits
Practical Web Penetration Testing
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Disclaimer
Building a Vulnerable Web Application Lab
Downloading Mutillidae
Installing Mutillidae on Windows
Downloading and installing XAMPP
Mutillidae installation
Installing Mutillidae on Linux
Downloading and installing XAMPP
Mutillidae installation
Using Mutillidae
User registration
Showing hints and setting security levels
Application reset
OWASP Top 10
Summary
Kali Linux Installation
Introducing Kali Linux
Installing Kali Linux from scratch
Installing Kali on VMware
Installing Kali on VirtualBox
Bridged versus NAT versus Internal Network
Updating Kali Linux
Summary
Delving Deep into the Usage of Kali Linux
The Kali filesystem structure
Handling applications and packages
The Advanced Packaging Tool
Debian's package management system
Using dpkg commands
Handling the filesystem in Kali
File compression commands
Security management
Secure shell protocol
Configuring network services in Kali
Setting a static IP on Kali
Checking active connections in Kali
Process management commands
Htop utility
Popular commands for process management
System info commands
Summary
All About Using Burp Suite
An introduction to Burp Suite
A quick example 
Visualizing the application structure using Burp Target 
Intercepting the requests/responses using Burp Proxy
Setting the proxy in your browser
BURP SSL certificate
Burp Proxy options
Crawling the web application using Burp Spider
Manually crawling by using the Intruder tool
Automated crawling and finding hidden spots
Looking for web vulnerabilities using the scanner
Replaying web requests using the Repeater tab
Fuzzing web requests using the Intruder tab
Intruder attack types
Practical examples
Installing third-party apps using Burp Extender
Summary
Understanding Web Application Vulnerabilities
File Inclusion
Local File Inclusion
Remote File Inclusion
Cross-Site Scripting
Reflected XSS
Stored XSS
Exploiting stored XSS using the header
DOM XSS
JavaScript validation
Cross-Site Request Forgery
Step 01 – victim
Step 02 – attacker
Results
SQL Injection
Authentication bypass
Extracting the data from the database
Error-based SQLi enumeration
Blind SQLi
Command Injection
OWASP Top 10
1 – Injection
2 – Broken Authentication
3 – Sensitive Data
4 – XML External Entities
5 – Broken Access Control
6 – Security Misconfiguration
7 – Cross-Site Scripting (XSS)
8 – Insecure Deserialization
9 – Using Components with Known Vulnerabilities
10 – Insufficient Logging & Monitoring
Summary
Application Security Pre-Engagement
Introduction
The first meeting
The day of the meeting with the client
Non-Disclosure Agreement
Kick-off meeting
Time and cost estimation
Statement of work
Penetration Test Agreement
External factors
Summary
Application Threat Modeling
Software development life cycle
Application Threat Modeling at a glance
Application Threat Modeling in real life
Application Threat Modeling document parts
Data Flow Diagram
External dependencies
Trust levels
Entry points
Assets
Test strategies
Security risks
Practical example
xBlog Threat Modeling
Scope
Threat Modeling
Project information
Data Flow Diagram
External dependencies
Trust levels
Entry points
Assets
Threats list
Spoofing – authentication
Tampering – integrity
Repudiation
Information disclosure – confidentiality
Denial of service – availability
Elevation of privilege – authorization
Test strategies
Summary
Source Code Review
Programming background
Enterprise secure coding guidelines
Static code analysis – manual scan versus automatic scan
Secure coding checklist
Summary
Network Penetration Testing
Passive information gathering – reconnaissance – OSINT
Web search engines
Google Hacking Database – Google dorks
Online tools
Kali Linux tools
WHOIS lookup
Domain name system – DNS enumeration
Gathering email addresses
Active information gathering – services enumeration
Identifying live hosts
Identifying open ports/services
Service probing and enumeration
Vulnerability assessment
OpenVas
Exploitation
Finding exploits
Listener setup
Generating a shell payload using msfvenom
Custom shells
Privilege escalation
File transfers
Using PowerShell
Using VBScript
Administrator or root
Summary
Web Intrusion Tests
Web Intrusion Test workflow
Identifying hidden contents
Common web page checklist
Special pages checklist
Reporting
Common Vulnerability Scoring System – CVSS
First case – SQLi
Second case – Reflected XSS
Report template
Summary
Pentest Automation Using Python
Python IDE
Downloading and installing PyCharm 
PyCharm quick overview
Penetration testing automation
Automate.py in action
Utility functions
Service enumeration
DTO service class
The scanner core
Summary
Nmap Cheat Sheet
Target specification
Host discovery
Scan types and service versions
Port specification and scan order
Script scan
Timing and performance
Firewall/IDS evasion and spoofing
Output
Metasploit Cheat Sheet
Metasploit framework
Using the database
More database-related commands
Getting around
Using modules
Miscellaneous
msfvenom
Listener scripting
Meterpreter
Netcat Cheat Sheet
Netcat command flags
Practical examples
Networking Reference Section
Network subnets
Port numbers and services
Python Quick Reference
Quick Python language overview
Basics of Python
Operators
Arithmetic calculation operators
Assignment operators
Comparison operators 
Membership and identity operators
Binary operators
Making an if decision
Variables
Strings
Escape String Characters
Numbers
Lists
Tuples
Dictionary
Miscellaneous
Other Books You May Enjoy
Leave a review - let other readers know what you think