Ethical Hacker’s Penetration Testing Guide: Vulnerability Assessment and Attack Simulation on Web, Mobile, Network Services and Wireless Networks
- Length: 472 pages
- Edition: 1
- Language: English
- Publisher: BPB Publications
- Publication Date: 2022-05-23
- ISBN-10: 9355512155
- ISBN-13: 9789355512154
- Sales Rank: #2476173
Discover security posture, vulnerabilities, and blind spots ahead of the threat actor
Key Features
- Includes illustrations and real-world examples of pentesting web applications, REST APIs, thick clients, mobile applications, and wireless networks.
- Covers numerous techniques such as Fuzzing (FFuF), Dynamic Scanning, Secure Code Review, and bypass testing.
- Practical application of Nmap, Metasploit, SQLmap, OWASP ZAP, Wireshark, and Kali Linux.
Description
The ‘Ethical Hacker’s Penetration Testing Guide’ is a hands-on guide that will take you from the fundamentals of pen testing to advanced security testing techniques. This book extensively uses popular pen testing tools such as Nmap, Burp Suite, Metasploit, SQLmap, OWASP ZAP, and Kali Linux.
A detailed analysis of pentesting strategies for discovering OWASP Top 10 vulnerabilities, such as cross-site scripting (XSS), SQL injection, XXE, and file upload vulnerabilities, is presented. The book provides hands-on demonstrations of pentest approaches for thick client applications, mobile applications (Android), network services, and wireless networks, and also demonstrates techniques such as fuzzing and dynamic scanning (DAST). Security logging, monitoring for harmful activity, and pentesting for sensitive data are covered as well, along with web security automation through effective Python scripts.
Through a series of live demonstrations and real-world use cases, you will learn how to break applications to expose security flaws, detect the vulnerability, and exploit it appropriately. Throughout the book, you will learn how to identify security risks, as well as a few modern cybersecurity approaches and popular pentesting tools.
What you will learn
- Expose the OWASP top ten vulnerabilities, fuzzing, and dynamic scanning.
- Get well versed with various pentesting tools for web, mobile, and wireless pentesting.
- Investigate hidden vulnerabilities to safeguard critical data and application components.
- Implement security logging, application monitoring, and secure coding.
- Learn about various protocols, pentesting tools, and ethical hacking methods.
Who this book is for
This book is intended for pen testers, ethical hackers, security analysts, cyber professionals, security consultants, and anybody interested in learning about penetration testing, tools, and methodologies. Knowing concepts of penetration testing is preferable but not required.
Table of Contents
Front matter: Cover Page, Title Page, Copyright Page, Foreword, Dedication Page, About the Author, About the Reviewer, Acknowledgement, Preface, Errata, Table of Contents
1. Overview of Web and Related Technologies and Understanding the Application
- Introduction
- Structure
- Objectives
- Static vs dynamic web application, cookies
- Static web application: No cookies, no state/session
- Example of static web application
- Dynamic web application (web application with session)
- Web technologies: HTTP methods, response codes, and importance
- HTTP response codes
- Introduction to HTTP2
- HTTPS basics
- Hashing, salting, encrypting
- Representational state transfer (REST)
- Google Dorking/Google hacking
- Simple Google Dorks syntax for Recon
- Web application architecture and understanding the application (Recon)
- Visual site map
- Basic Linux/Windows commands
- Conclusion
- References
2. Web Penetration Testing – Through Code Review
- Introduction
- Structure
- Objectives
- OWASP survey on effective detection methods for web vulnerabilities
- OWASP top 10 vulnerabilities
- OWASP's top 10 web application security risks
- Attack surface
- Code review: Things to look for while reviewing
- URL encoding and Same Origin Policy (SOP)
- URL encoding and escaping: The key is "In which order things are done"
- URL, encoding, and escaping: Things to review
- Same Origin Policy (SOP)
- Code viewing for Cross Site Scripting (XSS)
- SQL injection: The deadliest beast
- IDOR/BOLA/Auth bypass is the new pandemic
- Code review: Unrestricted file upload
- Code review: Scary mistakes
- Code review: Cryptography, hashing, and salt: Nothing is secure forever
- Code review: Unvalidated URL Redirects
- Conclusion
- References
3. Web Penetration Testing – Injection Attacks
- Introduction
- Structure
- Objective
- Basic usages of Burp Proxy in pentesting
- Proxying REST API request using Postman and Burp Proxy
- Pentesting for XSS
- XSS in HTML context
- XSS in HTML attribute context
- XSS in URL context (works on PHP based application)
- XSS in JavaScript context
- XSS with headers and cookies: Application which processes header information
- XSS with certificate request or SSL certificate information
- DOM XSS
- Pentesting for SQL Injection
- Pentesting for Simple SQL Injection
- Pen testing for error-based SQL Injection
- Blind SQL injection
- Pen testing for time based Blind SQL Injection
- Important usages of SQLMap for detecting SQL Injection
- What to notice when the SQLMap scan has just started?
- Running SQLMap against REST API
- How to send a POST request (Example: for REST API) using SQLMap?
- Running SQLMap when the URL does not have any query string
- SQLMapper/CO2 extension for Burp Suite
- Pentesting for Command Injection
- Locating sensitive files in the server
- Blind command injection
- Conclusion
- References
4. Fuzzing, Dynamic Scanning of REST API, and Web Application
- Introduction
- Structure
- Objective
- Fuzzing Web Application and REST API
- Fuzz Faster U Fool (Ffuf): A fast web fuzzer written in Go
- Fuzzing REST API by adding various HTTP Headers
- Fuzzing authenticated pages/REST API endpoints with cookies
- Various usage options of Ffuf
- Using Burp Suite Turbo Intruder (Fuzzer that supports HTTP2)
- Basic tricks in analyzing the output of fuzzing to conclude our findings
- Dynamic scanning of REST API and web application with OWASP ZAP
- Pentest REST API using OWASP ZAP
- Various settings and tricks while using OWASP ZAP
- Add your host in scope for scanning
- Configure your application for ZAP Active scanning
- Various Active scan settings for Input Vectors in OWASP ZAP
- Other advanced settings of ZAP
- ZAP Community scripts
- Why will automation without your brain not get any good result?
- Conclusion
- References
5. Web Penetration Testing – Unvalidated Redirects/Forwards, SSRF
- Introduction
- Structure
- Objective
- Pen testing for unvalidated redirects or forwards
- Pentesting for Server-Side Request Forgery (SSRF)
- Pentesting for SSRF
- SSRF scenario 1
- SSRF scenario 2
- Bypass of SSRF protection
- Restriction of localhost or 127.0.0.1 bypass using "::1"
- Other representation of localhost
- IP obfuscation to bypass restriction for 127.0.0.1
- IPv6/IPv4 address embedding
- DNS spoofing
- Conclusion
- References
6. Pentesting for Authentication, Authorization Bypass, and Business Logic Flaws
- Introduction
- Structure
- Objective
- Authentication bypass
- Authorization issues
- Tricking authentication, authorization, and business logic
- Business logic bypass test scenarios
- IDOR/Access Control Bypass scenarios for REST API
- Pen testing for HTTP 403 or Access Denied bypass
- Conclusion
- References
7. Pentesting for Sensitive Data, Vulnerable Components, Security Monitoring
- Introduction
- Structure
- Objective
- Sensitive data in log, URL, DB, config, default credentials
- egrep
- Various methods for assessing the application for sensitive data exposure issues
- Discovering components with known vulnerabilities
- OWASP RetireJS
- Apache OpenSSL
- SSLyze
- VulnerableCode
- Snyk scan for GitHub
- Deny access to backup and source files with .htaccess
- Implement security logging and monitoring: Splunk Alerts
- Conclusion
- References
8. Exploiting File Upload Functionality and XXE Attack
- Introduction
- Structure
- Objective
- Pentesting for unrestricted file upload with REST API
- Unrestricted file upload: XSS: File name having XSS payload
- Unrestricted file upload: Remote Code Execution (RCE) attack
- Unrestricted file upload: XSS: File metadata having malicious payload
- Use null byte in file extension to bypass file extension checks
- Use double extension of file to bypass file extension checks
- Bypass blacklisted extension check in file upload: Remote Code Execution (RCE) attack scenario
- Bypass php gd() checks for file upload
- XML and XXE attacks
- XML custom entities
- Protection against XXE attack
- Performing Gray-Box XXE pentesting while doing Blackbox pentesting
- Conclusion
- References
9. Web Penetration Testing: Thick Client
- Introduction
- Structure
- Objective
- Thick Client application architecture
- Understanding the Thick Client application
- Perform reconnaissance of the Thick Client application
- Reverse engineering the Thick Client application
- Sensitive data in registry
- Sensitive data in config file
- Sensitive data in communication
- Using Process Monitor
- Username/password/keys in memory
- SQL Injection vulnerability
- Conclusion
- References
10. Introduction to Network Pentesting
- Introduction
- Structure
- Objective
- Setting up of pentest lab
- Various phases of pentesting
- Host discovery and service detection using Nmap
- Service (web server, SMTP etc.) detection
- Nmap Scripting Engine (NSE)
- Exploiting the vulnerabilities using Metasploit and other tools
- Exploiting FTP (port 21) service using username enumeration with Hydra
- Metasploit framework
- Upgrade Metasploit framework on Kali
- Scanning for port 8180 (Apache Tomcat) for getting access to Tomcat Admin Console
- Exploiting VNC protocol
- Setting up lab with log4jshell vulnerability (CVE-2021-44228)
- Detecting log4j in the victim machine
- Scanning for vulnerabilities using Nessus Essentials/Home
- Conclusion
- References
11. Introduction to Wireless Pentesting
- Introduction
- Structure
- Objective
- Reconnaissance to identify wireless network
- Hacking into the wireless network by cracking weak password
- Conclusion
- References
12. Penetration Testing - Mobile App
- Introduction
- Structure
- Objective
- Android application security architecture
- Android application build process
- Android Application Package or Android Package Kit (APK) file
- OWASP Top 10 mobile risks
- Setting up lab for pentesting mobile App
- Basic ADB commands
- Install diva app in emulated mobile device for pentesting
- Reverse engineering or analyze APK file
- Embedded secrets in application code
- Sensitive data printed on log
- Sensitive data disclosure via SQLite DB
- Insecure data storage
- Extracting sensitive internal file through URL scheme hijacking
- Debug enabled
- SQL Injection vulnerability
- Static Analysis using mobile security framework
- Introducing dynamic analysis on MobSF
- Conclusion
- References
13. Security Automation for Web Pentest
- Introduction
- Structure
- Objective
- Prerequisite
- Scenario 1: Brute Forcing Login Page
- Scenario 2: Simple SQL Injection Checker
- Scenario 3: Simple Privilege Escalation Checker
- Scenario 4: Indirect Object Reference (IDOR) Checker
- Conclusion
14. Setting Up Pentest Lab
- Host machine: Windows 11 laptop
- Download and install Python, pip, and other required modules
- Download and install XAMPP and DVWA
- Setting up insecure thick client application, DVTA and other required tools
- Installing MS SQL Server and SQL Server Management Studio
- Kali Linux
- Network Service Policy
- Vulnerable victim machine: Metasploitable2
- Setting up Windows VM
- References
Index