LIMITED OFFER
Save 50% on book bundles
Immediately download your ebook while waiting for your print delivery. No promo code needed.
The Basics of Web Hacking
Tools and Techniques to Attack the Web
- 1st Edition - June 18, 2013
- Author: Josh Pauli
- Language: English
- Paperback ISBN:9 7 8 - 0 - 1 2 - 4 1 6 6 0 0 - 4
- eBook ISBN:9 7 8 - 0 - 1 2 - 4 1 6 6 5 9 - 2
The Basics of Web Hacking introduces you to a tool-driven process to identify the most widespread vulnerabilities in Web applications. No prior experience is needed. Web apps are… Read more
Purchase options
Institutional subscription on ScienceDirect
Request a sales quoteThe Basics of Web Hacking introduces you to a tool-driven process to identify the most widespread vulnerabilities in Web applications. No prior experience is needed. Web apps are a "path of least resistance" that can be exploited to cause the most damage to a system, with the lowest hurdles to overcome. This is a perfect storm for beginning hackers. The process set forth in this book introduces not only the theory and practical information related to these vulnerabilities, but also the detailed configuration and usage of widely available tools necessary to exploit these vulnerabilities.
The Basics of Web Hacking provides a simple and clean explanation of how to utilize tools such as Burp Suite, sqlmap, and Zed Attack Proxy (ZAP), as well as basic network scanning tools such as nmap, Nikto, Nessus, Metasploit, John the Ripper, web shells, netcat, and more. Dr. Josh Pauli teaches software security at Dakota State University and has presented on this topic to the U.S. Department of Homeland Security, the NSA, BlackHat Briefings, and Defcon. He will lead you through a focused, three-part approach to Web security, including hacking the server, hacking the Web app, and hacking the Web user.
With Dr. Pauli’s approach, you will fully understand the what/where/why/how of the most widespread Web vulnerabilities and how easily they can be exploited with the correct tools. You will learn how to set up a safe environment to conduct these attacks, including an attacker Virtual Machine (VM) with all necessary tools and several known-vulnerable Web application VMs that are widely available and maintained for this very purpose. Once you complete the entire process, not only will you be prepared to test for the most damaging Web exploits, you will also be prepared to conduct more advanced Web hacks that mandate a strong base of knowledge.
- Provides a simple and clean approach to Web hacking, including hands-on examples and exercises that are designed to teach you how to hack the server, hack the Web app, and hack the Web user
- Covers the most significant new tools such as nmap, Nikto, Nessus, Metasploit, John the Ripper, web shells, netcat, and more!
- Written by an author who works in the field as a penetration tester and who teaches Web security classes at Dakota State University
Beginning Information Security professionals, systems administrators, information technology leaders, network administrators, and an academic audience among information security majors.
Dedication
Acknowledgments
Honey Bear
Lizard
Baby Bird
Family and Friends
Security Community
Scott White—Technical Reviewer
Syngress Team
My Vices
Biography
Foreword
Introduction
About This Book
A Hands-On Approach
What's in This Book?
A Quick Disclaimer
Chapter 1. The Basics of Web Hacking
Chapter Rundown:
Introduction
What Is a Web Application?
What You Need to Know About Web Servers
What You Need to Know About HTTP
The Basics of Web Hacking: Our Approach
Web Apps Touch Every Part of IT
Existing Methodologies
Most Common Web Vulnerabilities
Setting Up a Test Environment
Chapter 2. Web Server Hacking
Chapter Rundown:
Introduction
Reconnaissance
Port Scanning
Vulnerability Scanning
Exploitation
Maintaining Access
Chapter 3. Web Application Recon and Scanning
Chapter Rundown:
Introduction
Web Application Recon
Web Application Scanning
Chapter 4. Web Application Exploitation with Injection
Chapter Rundown:
Introduction
SQL Injection Vulnerabilities
SQL Injection Attacks
sqlmap
Operating System Command Injection Vulnerabilities
Operating System Command Injection Attacks
Web Shells
Chapter 5. Web Application Exploitation with Broken Authentication and Path Traversal
Chapter Rundown:
Introduction
Authentication and Session Vulnerabilities
Path Traversal Vulnerabilities
Brute Force Authentication Attacks
Session Attacks
Path Traversal Attacks
Chapter 6. Web User Hacking
Chapter Rundown:
Introduction
Cross-Site Scripting (XSS) Vulnerabilities
Cross-Site Request Forgery (CSRF) Vulnerabilities
Technical Social Engineering Vulnerabilities
Web User Recon
Web User Scanning
Web User Exploitation
Cross-Site Scripting (XSS) Attacks
Reflected XSS Attacks
Stored XSS Attacks
Cross-Site Request Forgery (CSRF) Attacks
User Attack Frameworks
Chapter 7. Fixes
Chapter Rundown:
Introduction
Web Server Fixes
Web Application Fixes
Web User Fixes
Chapter 8. Next Steps
Chapter Rundown:
Introduction
Security Community Groups and Events
Formal Education
Certifications
Additional Books
Index
- No. of pages: 160
- Language: English
- Edition: 1
- Published: June 18, 2013
- Imprint: Syngress
- Paperback ISBN: 9780124166004
- eBook ISBN: 9780124166592
JP
Josh Pauli
Dr. Josh Pauli received his Ph.D. in Software Engineering from North Dakota State University (NDSU) and now serves as an Associate Professor of Information Security at Dakota State University (DSU) in Madison, SD. Dr. Pauli has published nearly 30 international journal and conference papers related to software security and his work includes invited presentations from the Department of Homeland Security, National Security Agency, Black Hat Briefings, and Defcon. He teaches both undergraduate and graduate courses in software security at DSU.
Read The Basics of Web Hacking on ScienceDirect