Kali Linux Web滲透測(cè)試第3版（影印版）

定　價(jià)：￥106.00

作　者：	暫缺
出版社：	東南大學(xué)出版社
叢編項(xiàng)：
標(biāo)　簽：	暫缺

購(gòu)買(mǎi)這本書(shū)可以去

ISBN：	9787564183233	出版時(shí)間：	2019-05-01	包裝：	平裝
開(kāi)本：	16開(kāi)	頁(yè)數(shù)：	408	字?jǐn)?shù)：

內(nèi)容簡(jiǎn)介

　　《Kali Linux Web滲透測(cè)試第3版（影印版）》展示了如何設(shè)置實(shí)驗(yàn)室，幫助你了解網(wǎng)站攻擊的本質(zhì)和機(jī)制，并且深入解釋了經(jīng)典的攻擊方法。第3版針對(duì)新的Kali Linux改動(dòng)以及最近的網(wǎng)絡(luò)攻擊進(jìn)行了大量更新。在客戶端攻擊，尤其是模糊測(cè)試方面，Kali Linux的表現(xiàn)非常出色?！禟ali Linux Web滲透測(cè)試第3版（影印版）》首先將為你全面的介紹黑客攻擊和滲透測(cè)試的概念，你會(huì)看到在Kali Linux中使用的與Web應(yīng)用程序攻擊相關(guān)的工具。你將深入了解典型的SQL、命令注入缺陷以及多種利用這些缺陷的手法。Web滲透測(cè)試還需要對(duì)客戶端攻擊具備一般性的了解，而這可以通過(guò)對(duì)腳本和輸入驗(yàn)證缺陷的長(zhǎng)時(shí)間討論來(lái)解決。還有一個(gè)非常重要的章節(jié)是關(guān)于加密算法實(shí)現(xiàn)上的缺陷，在這章里我們討論了網(wǎng)絡(luò)棧中與加密層有關(guān)的新問(wèn)題。這類攻擊的嚴(yán)重性不容小覷，對(duì)其的防范與大多數(shù)互聯(lián)網(wǎng)用戶密切相關(guān)，當(dāng)然其中也少不了滲透測(cè)試員。在《Kali Linux Web滲透測(cè)試第3版（影印版）》的結(jié)尾，你會(huì)使用一種稱為模糊測(cè)試的自動(dòng)化技術(shù)來(lái)識(shí)別Web應(yīng)用程序中的缺陷。最終，你將了解Web應(yīng)用程序漏洞以及借助Kali Linux中的工具利用這些漏洞的方法

作者簡(jiǎn)介

　　Gilberto Najera-Gutierrez is an experienced penetration tester currently working for one ofthe top security testing service providers in Australia. He obtained leading security andpenetration testing certifications， namely Offensive Security Certified Professional （OSCP），EC-Council Certified Security Administrator （ECSA）， and GIAC Exploit Researcher andAdvanced Penetration Tester （GXPN）； he also holds a Master's degree in Computer Sciencewith specialization in Artificial Intelligence.Gilberto has been working as a penetration tester since 2013， and he has been a securityenthusiast for almost 20 years. He has successfully conducted penetration tests on networksand applications of some the biggest corporations， government agencies， and financialinstitutions in Mexico and Australia.

圖書(shū)目錄

Preface
Chapter 1： Introduction to Penetration Testing and Web Applications
Proactive security testing
Different testing methodologies
Ethical hacking
Penetration testing
Vulnerability assessment
Security audits
Considerations when performing penetration testing
Rules of Engagement
The type and scope of testing
Client contact details
Client IT team notifications
Sensitive data handling
Status meeting and reports
The limitations of penetration testing
The need for testing web applications
Reasons to guard against attacks on web applications
Kali Linux
A web application overview for penetration testers
HTTP protocol
Knowing an HTTP request and response
The request header
The response header
HTTP methods
The GET method
The POST method
The HEAD method
The TRACE method
The PUT and DELETE methods
The OPTIONS method
Keeping sessions in HTTP
Cookies
Cookie flow between server and client
Persistent and nonpersistent cookies
Cookie parameters
HTML data in HTTP response
The server-side code
Multilayer web application
Three-layer web application design
Web services
Introducing SOAP and REST web services
HTTP methods in web services
XML and JSON
AJAX
Building blocks of AJAX
The AJAX workflow
HTML5
WebSockets
Summary
Chapter 2： Setting Up Your Lab with Kali Linux
Kali Linux
Latest improvements in Kali Linux
Installing Kali Linux
Virtualizing Kali Linux versus installing it on physical hardware
Installing on VirtualBox
Creating the virtual machine
Installing the system
Important tools in Kali Linux
CMS & Framework Identification
WPScan
JoomScan
CMSmap
Web Application Proxies
Burp Proxy
Customizing client interception
Modifying requests on the fly
Burp Proxy with HTTPS websites
Zed Attack Proxy
ProxyStrike
Web Crawlers and Directory Bruteforce
……
Chapter 3： Reconnaissance and Profiling the Web Sewer
Reconnaissance
Chapter 4： Authentication and Session Management Flaws
Authentication schemes in web applications
Chapter 5： Detecting and Exploiting Injection-Based Flaws
Command injection
Chapter 6： Finding and Exploiting Cross-Site Scripting （XSS）
Vulnerabilities
Chapter 7： Cross-Site Request Forgery， Identification， and
Exploitation
Chapter 8： Attacking Flaws in Cryptographic Implementations
Chapter 9： AJAX， HTML5， and Client-Side Attacks
Crawling AJAX applications
Chapter 10： Other Common Security Flaws in Web Applications
Insecure direct object references
Chapter 11 ： Using Automated Scanners on Web Applications
Considerations before using an automated scanner
Web application vulnerability scanners in Kali Linux
Index