The Basics of Web Hacking

Tools and Techniques to Attack the Web

1st Edition - June 18, 2013

Write a review

Author: Josh Pauli
Paperback ISBN: 9780124166004
eBook ISBN: 9780124166592

Purchase options

Select country/region

Institutional Subscription

Support Center Returns & Refunds

Free Global Shipping

No minimum order

Description

The Basics of Web Hacking introduces you to a tool-driven process to identify the most widespread vulnerabilities in Web applications. No prior experience is needed. Web apps are a "path of least resistance" that can be exploited to cause the most damage to a system, with the lowest hurdles to overcome. This is a perfect storm for beginning hackers. The process set forth in this book introduces not only the theory and practical information related to these vulnerabilities, but also the detailed configuration and usage of widely available tools necessary to exploit these vulnerabilities. The Basics of Web Hacking provides a simple and clean explanation of how to utilize tools such as Burp Suite, sqlmap, and Zed Attack Proxy (ZAP), as well as basic network scanning tools such as nmap, Nikto, Nessus, Metasploit, John the Ripper, web shells, netcat, and more. Dr. Josh Pauli teaches software security at Dakota State University and has presented on this topic to the U.S. Department of Homeland Security, the NSA, BlackHat Briefings, and Defcon. He will lead you through a focused, three-part approach to Web security, including hacking the server, hacking the Web app, and hacking the Web user. With Dr. Pauli’s approach, you will fully understand the what/where/why/how of the most widespread Web vulnerabilities and how easily they can be exploited with the correct tools. You will learn how to set up a safe environment to conduct these attacks, including an attacker Virtual Machine (VM) with all necessary tools and several known-vulnerable Web application VMs that are widely available and maintained for this very purpose. Once you complete the entire process, not only will you be prepared to test for the most damaging Web exploits, you will also be prepared to conduct more advanced Web hacks that mandate a strong base of knowledge.

Key Features

Provides a simple and clean approach to Web hacking, including hands-on examples and exercises that are designed to teach you how to hack the server, hack the Web app, and hack the Web user
Covers the most significant new tools such as nmap, Nikto, Nessus, Metasploit, John the Ripper, web shells, netcat, and more!
Written by an author who works in the field as a penetration tester and who teaches Web security classes at Dakota State University

Readership

Beginning Information Security professionals, systems administrators, information technology leaders, network administrators, and an academic audience among information security majors.

Dedication

Acknowledgments

Honey Bear

Lizard

Baby Bird

Family and Friends

Security Community

Scott White—Technical Reviewer

Syngress Team

My Vices

Biography

Foreword

Introduction

About This Book

A Hands-On Approach

What's in This Book?

A Quick Disclaimer

Chapter 1. The Basics of Web Hacking

Chapter Rundown:

Introduction

What Is a Web Application?

What You Need to Know About Web Servers

What You Need to Know About HTTP

The Basics of Web Hacking: Our Approach

Web Apps Touch Every Part of IT

Existing Methodologies

Most Common Web Vulnerabilities

Setting Up a Test Environment

Chapter 2. Web Server Hacking

Chapter Rundown:

Introduction

Reconnaissance

Port Scanning

Vulnerability Scanning

Exploitation

Maintaining Access

Chapter 3. Web Application Recon and Scanning

Chapter Rundown:

Introduction

Web Application Recon

Web Application Scanning

Chapter 4. Web Application Exploitation with Injection

Chapter Rundown:

Introduction

SQL Injection Vulnerabilities

SQL Injection Attacks

sqlmap

Operating System Command Injection Vulnerabilities

Operating System Command Injection Attacks

Web Shells

Chapter 5. Web Application Exploitation with Broken Authentication and Path Traversal

Chapter Rundown:

Introduction

Authentication and Session Vulnerabilities

Path Traversal Vulnerabilities

Brute Force Authentication Attacks

Session Attacks

Path Traversal Attacks

Chapter 6. Web User Hacking

Chapter Rundown:

Introduction

Cross-Site Scripting (XSS) Vulnerabilities

Cross-Site Request Forgery (CSRF) Vulnerabilities

Technical Social Engineering Vulnerabilities

Web User Recon

Web User Scanning

Web User Exploitation

Cross-Site Scripting (XSS) Attacks

Reflected XSS Attacks

Stored XSS Attacks

Cross-Site Request Forgery (CSRF) Attacks

User Attack Frameworks

Chapter 7. Fixes

Chapter Rundown:

Introduction

Web Server Fixes

Web Application Fixes

Web User Fixes

Chapter 8. Next Steps

Chapter Rundown:

Introduction

Security Community Groups and Events

Formal Education

Certifications

Additional Books

Index

Product details

No. of pages: 160
Language: English
Published: June 18, 2013
Imprint: Syngress
Paperback ISBN: 9780124166004
eBook ISBN: 9780124166592

About the Author

Josh Pauli

Dr. Josh Pauli received his Ph.D. in Software Engineering from North Dakota State University (NDSU) and now serves as an Associate Professor of Information Security at Dakota State University (DSU) in Madison, SD. Dr. Pauli has published nearly 30 international journal and conference papers related to software security and his work includes invited presentations from the Department of Homeland Security, National Security Agency, Black Hat Briefings, and Defcon. He teaches both undergraduate and graduate courses in software security at DSU.

Ratings and Reviews

Write a review

Latest reviews

(Total rating for all reviews)

saurabh Wed Apr 22 2020
The Basics of Web Hacking
good

Preview - The Basics of Web Hacking