Penetration Testing of Computer Networks Using Burpsuite and Various Penetration Testing Tools
Sinopsis
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
In this report I am using a combination of Burp tools to detect and exploit vulnerabilities in Damn Vulnerable Web App (DVWA) with low security. By default, Burp Scanner scans all requests and responses that pass through the proxy. Burp lists any issues that it identifies under Issue activity on the Dashboard. You can also use Burp Scanner to actively audit for vulnerabilities. Scanner sends additional requests and analyzes the applications traffic and behavior to identify issues.
Various examples are outlined in this report for different types of vulnerabilities such as: SQL injection, Cross Site Request Forgery (CSRF), Cross-site scripting, File upload, Local and Remote File Inclusion. I tested various types of penetration testing tools in order to exploit different types of vulnerabilities. The report consists from the following parts:
1. Installing and Configuring BurpSuite
2. BurpSuite Intruder.
3. Installing XMAPP and DVWA App in Windows System.
4. Installing PHP, MySQL, Apache2, Python and DVWA App in Kali Linux.
5. Scanning Kali-Linux and Windows Using .
6. Understanding Netcat, Reverse Shells and Bind Shells.
7. Adding Burps Certificate to Browser.
8. Setting up Target Scope in BurpSuite.
9. Scanning Using BurpSuite.
10. Scan results for SQL Injection Vulnerability with BurpSuite and Using SQLMAP to Exploit the SQL injection.
11. Scan Results for Operating System Command Injection Vulnerability with BurpSuite and Using Commix to Exploit the OS Command Injection.
12. Scan Results for Cross Side Scripting (XSS) Vulnerability with BurpSuite, Using Xserve to exploit XSS Injection and Stealing Web Login Session Cookies through the XSS Injection.
13. Exploiting File Upload Vulnerability.
14: Exploiting Cross Site Request Forgery (CSRF) Vulnerability.
15. Exploiting File Inclusion Vulnerability.
16. References.
Léelo en cualquier dispositivo
* ¿Cómo conseguir tu eBook gratis?
Aproximadamente una semana después de la compra, recibirás un correo electrónico con un código promocional. Para canjearlo, solo tendrás que añadir el eBook La casa de las amapolas al carrito en casadellibro.com e introducir el código recibido en el momento del pago para que el eBook te salga gratis.
El código tiene una validez de dos semanas desde su recepción. Pasado ese plazo, caducará. Solo puede utilizarse una vez.
La promoción es válida para pedidos realizados en casadellibro.com
Si compras el dispositivo en nuestras librerías, podrás conseguir tu eBook gratis solo si eres Socio.
Ficha Técnica
Editorial: Dr. Hidaia Mahmood Alassouli
ISBN: 9783988654809
Idioma: Inglés
Fecha de lanzamiento: 11/03/2023
Especificaciones del producto
Reseñas sobre Penetration Testing of Computer Networks Using Burpsuite and Various Penetration Testing Tools
Comparte tu experiencia con la comunidad lectora.
0 Reseñas
Sólo por opinar entras en el sorteo mensual de tres tarjetas regalo valoradas en
20€