Edition:
Authors: Gus Khawaja
Series:
ISBN: 1788624033, 9781788624039
Publisher:
Year of publication: 2018
Number of pages: 429
Language: English
File format: PDF (converted to PDF, EPUB or AZW3 on the user's request)
File size: 16 MB
If the author is Iranian, the download is not available and the payment will be refunded.
To have the file of Practical Web Penetration Testing: Secure Web Applications Using Burp Suite, Nmap, Metasploit, and More converted to PDF, EPUB, AZW3, MOBI or DJVU, notify support so that the requested file can be converted.
Note that Practical Web Penetration Testing: Secure Web Applications Using Burp Suite, Nmap, Metasploit, and More is the original-language edition and not a Persian translation. The International Library website provides original-language books only and offers no books translated into or written in Persian.
Table of contents:
Title Page
Copyright and Credits
  Practical Web Penetration Testing
Packt Upsell
  Why subscribe?
  PacktPub.com
Contributors
  About the author
  About the reviewer
  Packt is searching for authors like you
Preface
  Who this book is for
  What this book covers
  To get the most out of this book
  Download the example code files
  Download the color images
  Conventions used
  Get in touch
  Reviews
  Disclaimer
Building a Vulnerable Web Application Lab
  Downloading Mutillidae
  Installing Mutillidae on Windows
  Downloading and installing XAMPP
  Mutillidae installation
  Installing Mutillidae on Linux
  Downloading and installing XAMPP
  Mutillidae installation
  Using Mutillidae
  User registration
  Showing hints and setting security levels
  Application reset
  OWASP Top 10
  Summary
Kali Linux Installation
  Introducing Kali Linux
  Installing Kali Linux from scratch
  Installing Kali on VMware
  Installing Kali on VirtualBox
  Bridged versus NAT versus Internal Network
  Updating Kali Linux
  Summary
Delving Deep into the Usage of Kali Linux
  The Kali filesystem structure
  Handling applications and packages
  The Advanced Packaging Tool
  Debian's package management system
  Using dpkg commands
  Handling the filesystem in Kali
  File compression commands
  Security management
  Secure shell protocol
  Configuring network services in Kali
  Setting a static IP on Kali
  Checking active connections in Kali
  Process management commands
  Htop utility
  Popular commands for process management
  System info commands
  Summary
All About Using Burp Suite
  An introduction to Burp Suite
  A quick example
  Visualizing the application structure using Burp Target
  Intercepting the requests/responses using Burp Proxy
  Setting the proxy in your browser
  BURP SSL certificate
  Burp Proxy options
  Crawling the web application using Burp Spider
  Manually crawling by using the Intruder tool
  Automated crawling and finding hidden spots
  Looking for web vulnerabilities using the scanner
  Replaying web requests using the Repeater tab
  Fuzzing web requests using the Intruder tab
  Intruder attack types
  Practical examples
  Installing third-party apps using Burp Extender
  Summary
Understanding Web Application Vulnerabilities
  File Inclusion
  Local File Inclusion
  Remote File Inclusion
  Cross-Site Scripting
  Reflected XSS
  Stored XSS
  Exploiting stored XSS using the header
  DOM XSS
  JavaScript validation
  Cross-Site Request Forgery
  Step 01 – victim
  Step 02 – attacker
  Results
  SQL Injection
  Authentication bypass
  Extracting the data from the database
  Error-based SQLi enumeration
  Blind SQLi
  Command Injection
  OWASP Top 10
  1 – Injection
  2 – Broken Authentication
  3 – Sensitive Data
  4 – XML External Entities
  5 – Broken Access Control
  6 – Security Misconfiguration
  7 – Cross-Site Scripting (XSS)
  8 – Insecure Deserialization
  9 – Using Components with Known Vulnerabilities
  10 – Insufficient Logging & Monitoring
  Summary
Application Security Pre-Engagement
  Introduction
  The first meeting
  The day of the meeting with the client
  Non-Disclosure Agreement
  Kick-off meeting
  Time and cost estimation
  Statement of work
  Penetration Test Agreement
  External factors
  Summary
Application Threat Modeling
  Software development life cycle
  Application Threat Modeling at a glance
  Application Threat Modeling in real life
  Application Threat Modeling document parts
  Data Flow Diagram
  External dependencies
  Trust levels
  Entry points
  Assets
  Test strategies
  Security risks
  Practical example
  xBlog Threat Modeling
  Scope
  Threat Modeling
  Project information
  Data Flow Diagram
  External dependencies
  Trust levels
  Entry points
  Assets
  Threats list
  Spoofing – authentication
  Tampering – integrity
  Repudiation
  Information disclosure – confidentiality
  Denial of service – availability
  Elevation of privilege – authorization
  Test strategies
  Summary
Source Code Review
  Programming background
  Enterprise secure coding guidelines
  Static code analysis – manual scan versus automatic scan
  Secure coding checklist
  Summary
Network Penetration Testing
  Passive information gathering – reconnaissance – OSINT
  Web search engines
  Google Hacking Database – Google dorks
  Online tools
  Kali Linux tools
  WHOIS lookup
  Domain name system – DNS enumeration
  Gathering email addresses
  Active information gathering – services enumeration
  Identifying live hosts
  Identifying open ports/services
  Service probing and enumeration
  Vulnerability assessment
  OpenVas
  Exploitation
  Finding exploits
  Listener setup
  Generating a shell payload using msfvenom
  Custom shells
  Privilege escalation
  File transfers
  Using PowerShell
  Using VBScript
  Administrator or root
  Summary
Web Intrusion Tests
  Web Intrusion Test workflow
  Identifying hidden contents
  Common web page checklist
  Special pages checklist
  Reporting
  Common Vulnerability Scoring System – CVSS
  First case – SQLi
  Second case – Reflected XSS
  Report template
  Summary
Pentest Automation Using Python
  Python IDE
  Downloading and installing PyCharm
  PyCharm quick overview
  Penetration testing automation
  Automate.py in action
  Utility functions
  Service enumeration
  DTO service class
  The scanner core
  Summary
Nmap Cheat Sheet
  Target specification
  Host discovery
  Scan types and service versions
  Port specification and scan order
  Script scan
  Timing and performance
  Firewall/IDS evasion and spoofing
  Output
Metasploit Cheat Sheet
  Metasploit framework
  Using the database
  More database-related commands
  Getting around
  Using modules
  Miscellaneous
  msfvenom
  Listener scripting
  Meterpreter
Netcat Cheat Sheet
  Netcat command flags
  Practical examples
Networking Reference Section
  Network subnets
  Port numbers and services
Python Quick Reference
  Quick Python language overview
  Basics of Python
  Operators
  Arithmetic calculation operators
  Assignment operators
  Comparison operators
  Membership and identity operators
  Binary operators
  Making an if decision
  Variables
  Strings
  Escape String Characters
  Numbers
  Lists
  Tuples
  Dictionary
  Miscellaneous
Other Books You May Enjoy
  Leave a review - let other readers know what you think