The basics of web hacking

What's in This Book?

Chapter 1
The Basics of Web Hacking provides an overview of current web vulnerabilities and how our hands-on approach aims at them.

Chapter 2
Web Server Hacking takes traditional network hacking methodologies and applies them directly to the web server, not only to compromise those machines but also to provide a base of knowledge to use in attacks against the web application and web user. Tools include Nmap, Nessus, Nikto, and Metasploit.

Chapter 3
Web Application Recon and Scanning introduces tools, such as web proxies and scanning tools, which set the stage for you to exploit the targeted web application by finding existing vulnerabilities. Tools include Burp Suite (Spider and Intercept) and Zed Attack Proxy (ZAP).

Chapter 4
Web Application Exploitation with Injection covers the theory, tools, and techniques used to exploit web applications with SQL injection, operating system command injection, and web shells. Tools include Burp Suite (specifically the functions and features of the Proxy Intercept and Repeater tools), sqlmap, John the Ripper (JtR), custom web shell files, and net.

Chapter 5
Web Application Exploitation with Broken Authentication and Path Traversal covers the theory, tools, and techniques used to exploit web applications with brute-forcing logins, session attacks, and forceful browsing. Tools include Burp Suite (Intruder and Sequencer) and various operating system commands for nefarious purposes.

Chapter 6
Web User Hacking covers the theory, tools, and techniques used to exploit other web users by exploiting web application cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities, as well as attacks that require no existing web server or web application vulnerabilities but instead prey directly on the user's willingness to complete dangerous actions. The main tool of choice will be the Social-Engineer Toolkit (SET).

Chapter 7
Fixes covers the best practices available today to prevent all the attacks introduced in the book. Like most things security-related, the hard part is not identifying these mitigation strategies, but working out how best to implement them and test that they are doing what they are intended to do.

Chapter 8
Next Steps introduces where you can go after finishing this book to continue on your hacking journey. There are tons of great information security groups and events to take part in. Some of you may want formal education, while others may want to know which certifications are especially applicable to this type of security work. A quick list of good books to consider is also provided.