未读消息消息

购物车

我的订单

个人中心

店铺

我的订单收藏

拍卖

拍卖交易我的竞拍收藏

我的好友资金账户

卖家中心

客服 |

帮助中心 9:00-20:30 在线留言

客服电话

010-89648155

服务时间

客服咨询 8:00-21:00

纠纷处理 9:00-21:00

图书审核 9:00-18:00

监督与建议

请选择

手机孔网

KaliLinuxWeb渗透测试第3版（影印版）

作者: Gilberto 著 , Najera-Gutierrez 著 , Juned 著 , Ahmed 著 , Ansari 著

出版社: 东南大学出版社

出版时间: 2019-05

版次: 1

ISBN: 9787564183233

定价: 106.00

装帧: 平装

开本: 16开

纸张: 胶版纸

页数: 408页

字数: 524千字

正文语种: 英语

分类: 计算机与互联网

2 张插图图片

4人买过

　　《Kali Linux Web渗透测试第3版（影印版）》展示了如何设置实验室，帮助你了解网站攻击的本质和机制，并且深入解释了经典的攻击方法。第3版针对新的Kali Linux改动以及最近的网络攻击进行了大量更新。在客户端攻击，尤其是模糊测试方面，Kali Linux的表现非常出色。
　　《Kali Linux Web渗透测试第3版（影印版）》首先将为你全面的介绍黑客攻击和渗透测试的概念，你会看到在Kali Linux中使用的与Web应用程序攻击相关的工具。你将深入了解典型的SQL、命令注入缺陷以及多种利用这些缺陷的手法。Web渗透测试还需要对客户端攻击具备一般性的了解，而这可以通过对脚本和输入验证缺陷的长时间讨论来解决。还有一个非常重要的章节是关于加密算法实现上的缺陷，在这章里我们讨论了网络栈中与加密层有关的新问题。这类攻击的严重性不容小觑，对其的防范与大多数互联网用户密切相关，当然其中也少不了渗透测试员。
　　在《Kali Linux Web渗透测试第3版（影印版）》的结尾，你会使用一种称为模糊测试的自动化技术来识别Web应用程序中的缺陷。最终，你将了解Web应用程序漏洞以及借助Kali Linux中的工具利用这些漏洞的方法　　Gilberto Najera-Gutierrez is an experienced penetration tester currently working for one ofthe top security testing service providers in Australia. He obtained leading security andpenetration testing certifications， namely Offensive Security Certified Professional （OSCP），EC-Council Certified Security Administrator （ECSA）， and GIAC Exploit Researcher andAdvanced Penetration Tester （GXPN）； he also holds a Master's degree in Computer Sciencewith specialization in Artificial Intelligence.
　　Gilberto has been working as a penetration tester since 2013， and he has been a securityenthusiast for almost 20 years. He has successfully conducted penetration tests on networksand applications of some the biggest corporations， government agencies， and financialinstitutions in Mexico and Australia. Preface

Chapter 1： Introduction to Penetration Testing and Web Applications
Proactive security testing
Different testing methodologies
Ethical hacking
Penetration testing
Vulnerability assessment
Security audits
Considerations when performing penetration testing
Rules of Engagement
The type and scope of testing
Client contact details
Client IT team notifications
Sensitive data handling
Status meeting and reports
The limitations of penetration testing
The need for testing web applications
Reasons to guard against attacks on web applications
Kali Linux
A web application overview for penetration testers
HTTP protocol
Knowing an HTTP request and response
The request header
The response header
HTTP methods
The GET method
The POST method
The HEAD method
The TRACE method
The PUT and DELETE methods
The OPTIONS method
Keeping sessions in HTTP
Cookies
Cookie flow between server and client
Persistent and nonpersistent cookies
Cookie parameters
HTML data in HTTP response
The server-side code
Multilayer web application
Three-layer web application design
Web services
Introducing SOAP and REST web services
HTTP methods in web services
XML and JSON
AJAX
Building blocks of AJAX
The AJAX workflow
HTML5
WebSockets
Summary

Chapter 2： Setting Up Your Lab with Kali Linux
Kali Linux
Latest improvements in Kali Linux
Installing Kali Linux
Virtualizing Kali Linux versus installing it on physical hardware
Installing on VirtualBox
Creating the virtual machine
Installing the system
Important tools in Kali Linux
CMS & Framework Identification
WPScan
JoomScan
CMSmap
Web Application Proxies
Burp Proxy
Customizing client interception
Modifying requests on the fly
Burp Proxy with HTTPS websites
Zed Attack Proxy
ProxyStrike
Web Crawlers and Directory Bruteforce
……

Chapter 3： Reconnaissance and Profiling the Web Sewer
Reconnaissance
Chapter 4： Authentication and Session Management Flaws
Authentication schemes in web applications
Chapter 5： Detecting and Exploiting Injection-Based Flaws
Command injection
Chapter 6： Finding and Exploiting Cross-Site Scripting （XSS）
Vulnerabilities
Chapter 7： Cross-Site Request Forgery， Identification， and
Exploitation
Chapter 8： Attacking Flaws in Cryptographic Implementations
Chapter 9： AJAX， HTML5， and Client-Side Attacks
Crawling AJAX applications
Chapter 10： Other Common Security Flaws in Web Applications
Insecure direct object references
Chapter 11 ： Using Automated Scanners on Web Applications
Considerations before using an automated scanner
Web application vulnerability scanners in Kali Linux

Index
内容简介:
　　《Kali Linux Web渗透测试第3版（影印版）》展示了如何设置实验室，帮助你了解网站攻击的本质和机制，并且深入解释了经典的攻击方法。第3版针对新的Kali Linux改动以及最近的网络攻击进行了大量更新。在客户端攻击，尤其是模糊测试方面，Kali Linux的表现非常出色。
　　《Kali Linux Web渗透测试第3版（影印版）》首先将为你全面的介绍黑客攻击和渗透测试的概念，你会看到在Kali Linux中使用的与Web应用程序攻击相关的工具。你将深入了解典型的SQL、命令注入缺陷以及多种利用这些缺陷的手法。Web渗透测试还需要对客户端攻击具备一般性的了解，而这可以通过对脚本和输入验证缺陷的长时间讨论来解决。还有一个非常重要的章节是关于加密算法实现上的缺陷，在这章里我们讨论了网络栈中与加密层有关的新问题。这类攻击的严重性不容小觑，对其的防范与大多数互联网用户密切相关，当然其中也少不了渗透测试员。
　　在《Kali Linux Web渗透测试第3版（影印版）》的结尾，你会使用一种称为模糊测试的自动化技术来识别Web应用程序中的缺陷。最终，你将了解Web应用程序漏洞以及借助Kali Linux中的工具利用这些漏洞的方法
作者简介:
　　Gilberto Najera-Gutierrez is an experienced penetration tester currently working for one ofthe top security testing service providers in Australia. He obtained leading security andpenetration testing certifications， namely Offensive Security Certified Professional （OSCP），EC-Council Certified Security Administrator （ECSA）， and GIAC Exploit Researcher andAdvanced Penetration Tester （GXPN）； he also holds a Master's degree in Computer Sciencewith specialization in Artificial Intelligence.
　　Gilberto has been working as a penetration tester since 2013， and he has been a securityenthusiast for almost 20 years. He has successfully conducted penetration tests on networksand applications of some the biggest corporations， government agencies， and financialinstitutions in Mexico and Australia.
目录:
Preface

Chapter 1： Introduction to Penetration Testing and Web Applications
Proactive security testing
Different testing methodologies
Ethical hacking
Penetration testing
Vulnerability assessment
Security audits
Considerations when performing penetration testing
Rules of Engagement
The type and scope of testing
Client contact details
Client IT team notifications
Sensitive data handling
Status meeting and reports
The limitations of penetration testing
The need for testing web applications
Reasons to guard against attacks on web applications
Kali Linux
A web application overview for penetration testers
HTTP protocol
Knowing an HTTP request and response
The request header
The response header
HTTP methods
The GET method
The POST method
The HEAD method
The TRACE method
The PUT and DELETE methods
The OPTIONS method
Keeping sessions in HTTP
Cookies
Cookie flow between server and client
Persistent and nonpersistent cookies
Cookie parameters
HTML data in HTTP response
The server-side code
Multilayer web application
Three-layer web application design
Web services
Introducing SOAP and REST web services
HTTP methods in web services
XML and JSON
AJAX
Building blocks of AJAX
The AJAX workflow
HTML5
WebSockets
Summary

Chapter 2： Setting Up Your Lab with Kali Linux
Kali Linux
Latest improvements in Kali Linux
Installing Kali Linux
Virtualizing Kali Linux versus installing it on physical hardware
Installing on VirtualBox
Creating the virtual machine
Installing the system
Important tools in Kali Linux
CMS & Framework Identification
WPScan
JoomScan
CMSmap
Web Application Proxies
Burp Proxy
Customizing client interception
Modifying requests on the fly
Burp Proxy with HTTPS websites
Zed Attack Proxy
ProxyStrike
Web Crawlers and Directory Bruteforce
……

Chapter 3： Reconnaissance and Profiling the Web Sewer
Reconnaissance
Chapter 4： Authentication and Session Management Flaws
Authentication schemes in web applications
Chapter 5： Detecting and Exploiting Injection-Based Flaws
Command injection
Chapter 6： Finding and Exploiting Cross-Site Scripting （XSS）
Vulnerabilities
Chapter 7： Cross-Site Request Forgery， Identification， and
Exploitation
Chapter 8： Attacking Flaws in Cryptographic Implementations
Chapter 9： AJAX， HTML5， and Client-Side Attacks
Crawling AJAX applications
Chapter 10： Other Common Security Flaws in Web Applications
Insecure direct object references
Chapter 11 ： Using Automated Scanners on Web Applications
Considerations before using an automated scanner
Web application vulnerability scanners in Kali Linux

Index

查看详情

KaliLinuxWeb渗透测试第3版（影印版）

内容简介:

作者简介:

目录: