The Basics of Web Hacking

Tools and Techniques to Attack the Web

1st Edition - June 18, 2013

  • Author: Josh Pauli
  • Paperback ISBN: 9780124166004
  • eBook ISBN: 9780124166592

Description

The Basics of Web Hacking introduces you to a tool-driven process to identify the most widespread vulnerabilities in Web applications. No prior experience is needed. Web apps are a "path of least resistance" that can be exploited to cause the most damage to a system, with the lowest hurdles to overcome. This is a perfect storm for beginning hackers. The process set forth in this book introduces not only the theory and practical information related to these vulnerabilities, but also the detailed configuration and usage of widely available tools necessary to exploit these vulnerabilities. The Basics of Web Hacking provides a simple and clean explanation of how to utilize tools such as Burp Suite, sqlmap, and Zed Attack Proxy (ZAP), as well as basic network scanning tools such as nmap, Nikto, Nessus, Metasploit, John the Ripper, web shells, netcat, and more.

Dr. Josh Pauli teaches software security at Dakota State University and has presented on this topic to the U.S. Department of Homeland Security, the NSA, BlackHat Briefings, and Defcon. He will lead you through a focused, three-part approach to Web security, including hacking the server, hacking the Web app, and hacking the Web user. With Dr. Pauli’s approach, you will fully understand the what/where/why/how of the most widespread Web vulnerabilities and how easily they can be exploited with the correct tools.

You will learn how to set up a safe environment to conduct these attacks, including an attacker Virtual Machine (VM) with all necessary tools and several known-vulnerable Web application VMs that are widely available and maintained for this very purpose. Once you complete the entire process, not only will you be prepared to test for the most damaging Web exploits, you will also be prepared to conduct more advanced Web hacks that mandate a strong base of knowledge.

Key Features

  • Provides a simple and clean approach to Web hacking, including hands-on examples and exercises that are designed to teach you how to hack the server, hack the Web app, and hack the Web user
  • Covers the most significant new tools such as nmap, Nikto, Nessus, Metasploit, John the Ripper, web shells, netcat, and more!
  • Written by an author who works in the field as a penetration tester and who teaches Web security classes at Dakota State University

Readership

Beginning Information Security professionals, systems administrators, information technology leaders, network administrators, and an academic audience among information security majors.

Table of Contents

  • Dedication
  • Acknowledgments
  • Honey Bear
  • Lizard
  • Baby Bird
  • Family and Friends
  • Security Community
  • Scott White—Technical Reviewer
  • Syngress Team
  • My Vices
  • Biography
  • Foreword
  • Introduction
  • About This Book
  • A Hands-On Approach
  • What's in This Book?
  • A Quick Disclaimer
  • Chapter 1. The Basics of Web Hacking
    • Chapter Rundown:
    • Introduction
    • What Is a Web Application?
    • What You Need to Know About Web Servers
    • What You Need to Know About HTTP
    • The Basics of Web Hacking: Our Approach
    • Web Apps Touch Every Part of IT
    • Existing Methodologies
    • Most Common Web Vulnerabilities
    • Setting Up a Test Environment
  • Chapter 2. Web Server Hacking
    • Chapter Rundown:
    • Introduction
    • Reconnaissance
    • Port Scanning
    • Vulnerability Scanning
    • Exploitation
    • Maintaining Access
  • Chapter 3. Web Application Recon and Scanning
    • Chapter Rundown:
    • Introduction
    • Web Application Recon
    • Web Application Scanning
  • Chapter 4. Web Application Exploitation with Injection
    • Chapter Rundown:
    • Introduction
    • SQL Injection Vulnerabilities
    • SQL Injection Attacks
    • sqlmap
    • Operating System Command Injection Vulnerabilities
    • Operating System Command Injection Attacks
    • Web Shells
  • Chapter 5. Web Application Exploitation with Broken Authentication and Path Traversal
    • Chapter Rundown:
    • Introduction
    • Authentication and Session Vulnerabilities
    • Path Traversal Vulnerabilities
    • Brute Force Authentication Attacks
    • Session Attacks
    • Path Traversal Attacks
  • Chapter 6. Web User Hacking
    • Chapter Rundown:
    • Introduction
    • Cross-Site Scripting (XSS) Vulnerabilities
    • Cross-Site Request Forgery (CSRF) Vulnerabilities
    • Technical Social Engineering Vulnerabilities
    • Web User Recon
    • Web User Scanning
    • Web User Exploitation
    • Cross-Site Scripting (XSS) Attacks
    • Reflected XSS Attacks
    • Stored XSS Attacks
    • Cross-Site Request Forgery (CSRF) Attacks
    • User Attack Frameworks
  • Chapter 7. Fixes
    • Chapter Rundown:
    • Introduction
    • Web Server Fixes
    • Web Application Fixes
    • Web User Fixes
  • Chapter 8. Next Steps
    • Chapter Rundown:
    • Introduction
    • Security Community Groups and Events
    • Formal Education
    • Certifications
    • Additional Books
  • Index

Product details

  • No. of pages: 160
  • Language: English
  • Copyright: © Syngress 2013
  • Published: June 18, 2013
  • Imprint: Syngress
  • Paperback ISBN: 9780124166004
  • eBook ISBN: 9780124166592

About the Author

Josh Pauli

Dr. Josh Pauli received his Ph.D. in Software Engineering from North Dakota State University (NDSU) and now serves as an Associate Professor of Information Security at Dakota State University (DSU) in Madison, SD. Dr. Pauli has published nearly 30 international journal and conference papers related to software security and his work includes invited presentations from the Department of Homeland Security, National Security Agency, Black Hat Briefings, and Defcon. He teaches both undergraduate and graduate courses in software security at DSU.

Ratings and Reviews

Latest reviews

  • saurabh Wed Apr 22 2020

    The Basics of Web Hacking

    good