Learning Python web penetration testing : automate web penetration testing activities using Phyton

Learning Python web penetration testing automate web penetration testing activities using Phyton

Leverage the simplicity of Python and available libraries to build web security testing tools for your application About This Book Understand the web application penetration testing methodology and toolkit using Python Write a web crawler/spider with the Scrapy library Detect and exploit SQL injecti...

Full description

Bibliographic Details
Other Authors: Martorella, Christian, author (author)
Format: eBook
Language:Inglés
Published: Birmingham : Packt 2018.
Edition:1st edition
Subjects:
Python (Computer program language)
Penetration testing (Computer security)
Teste Extensão local
See on Biblioteca Universitat Ramon Llull:https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009630642506719
Table of Contents:
  • Cover
  • Title Page
  • Copyright and Credits
  • Packt Upsell
  • Contributor
  • Table of Contents
  • Preface
  • Chapter 1: Introduction to Web Application Penetration Testing
  • Understanding the web application penetration testing process
  • Typical web application toolkit
  • HTTP Proxy
  • Crawlers and spiders
  • Vulnerability scanners
  • Brute forces/predictable resource locators
  • Specific task tools
  • Testing environment
  • Summary
  • Chapter 2: Interacting with Web Applications
  • HTTP protocol basics
  • What is HTTP and how it works?
  • Anatomy of an HTTP request
  • HTTP headers
  • GET request
  • Interacting with a web app using the requests library
  • Requests library
  • Our first script
  • Setting headers
  • Analyzing HTTP responses
  • HTTP codes
  • Summary
  • Chapter 3: Web Crawling with Scrapy - Mapping the Application
  • Web application mapping
  • Creating our own crawler/spider with Scrapy
  • Starting with Scrapy
  • Making our crawler recursive
  • Scraping interesting stuff
  • Summary
  • Chapter 4: Resources Discovery
  • What is resource discovery?
  • Building our first BruteForcer
  • Analysing the results
  • Adding more information
  • Entering the hash of the response content
  • Taking screenshots of the findings
  • Summary
  • Chapter 5: Password Testing
  • How password attacks work
  • Password cracking
  • Password policies and account locking
  • Our first password BruteForcer
  • Basic authentication
  • Creating the password cracker
  • Adding support for digest authentication
  • What is digest authentication?
  • Adding digest authentication to our script
  • Form-based authentication
  • Form-based authentication overview
  • Summary
  • Chapter 6: Detecting and Exploiting SQL Injection Vulnerabilities
  • Introduction to SQL injection
  • SQLi versus blind SQLi
  • Detecting SQL injection issues
  • Methods for detecting SQLi.
  • Automating the detection
  • Exploiting a SQL injection to extract data
  • What data can we extract with an SQLi?
  • Automating basic extractions
  • Advanced SQLi exploiting
  • Summary
  • Chapter 7: Intercepting HTTP Requests
  • HTTP proxy anatomy
  • What is an HTTP proxy?
  • Why do we need a proxy?
  • Types of HTTP proxy
  • Introduction to mitmproxy
  • Why mitmproxy?
  • Manipulating HTTP requests
  • Inline scripts
  • Automating SQLi in mitmproxy
  • SQLi process
  • Summary
  • Other Books You May Enjoy
  • Index.

Similar Items