The Basics of Web Hacking
Tools and Techniques to Attack the Web
The Basics of Web Hacking provides a simple and clean explanation of how to utilize tools such as Burp Suite, sqlmap, and Zed Attack Proxy (ZAP), as well as basic network scanning tools such as nmap, Nikto, Nessus, Metasploit, John the Ripper, web shells, netcat, and more. Dr. Josh Pauli teaches software security at Dakota State University and has presented on this topic to the U.S. Department of Homeland Security, the NSA, BlackHat Briefings, and Defcon. He will lead you through a focused, three-part approach to Web security, including hacking the server, hacking the Web app, and hacking the Web user.
With Dr. Pauliâs approach, you will fully understand the what/where/why/how of the most widespread Web vulnerabilities and how easily they can be exploited with the correct tools. You will learn how to set up a safe environment to conduct these attacks, including an attacker Virtual Machine (VM) with all necessary tools and several known-vulnerable Web application VMs that are widely available and maintained for this very purpose. Once you complete the entire process, not only will you be prepared to test for the most damaging Web exploits, you will also be prepared to conduct more advanced Web hacks that mandate a strong base of knowledge.
AudienceBeginning Information Security professionals, systems administrators, information technology leaders, network administrators, and an academic audience among information security majors.
- Published: July 2013
- Imprint: SYNGRESS
- ISBN: 978-0-12-416600-4
Table of Contents
- Basics of Web Hacking
- Web Server Hacking
- Web App Recon and Scanning
- Web App Exploitation with Code Injection
- Web App Exploitation with Broken Authentication and Path Traversal
- Web User Hacking
- Next Steps