The Basics of Web Hacking: Tools and Techniques to Attack the Web

by Josh Pauli

The Basics of Web Hacking introduces you to a tool-driven process to identify the most widespread vulnerabilities in Web applications. No prior experience is needed. Web apps are a "path of least resistance" that can be exploited to cause the most damage to a system, with the lowest hurdles to overcome. This is a perfect storm for beginning hackers. The process set forth in this book introduces not only the theory and practical information related to these vulnerabilities, but also the detailed configuration and usage of widely available tools necessary to exploit these vulnerabilities. The Basics of Web Hacking provides a simple and clean explanation of how to utilize tools such as Burp Suite, sqlmap, and Zed Attack Proxy (ZAP), as well as basic network scanning tools such as nmap, Nikto, Nessus, Metasploit, John the Ripper, web shells, netcat, and more. Dr. Josh Pauli teaches software security at Dakota State University and has presented on this topic to the U.S. Department of Homeland Security, the NSA, BlackHat Briefings, and Defcon. He will lead you through a focused, three-part approach to Web security, including hacking the server, hacking the Web app, and hacking the Web user. With Dr. Pauli’s approach, you will fully understand the what/where/why/how of the most widespread Web vulnerabilities and how easily they can be exploited with the correct tools. You will learn how to set up a safe environment to conduct these attacks, including an attacker Virtual Machine (VM) with all necessary tools and several known-vulnerable Web application VMs that are widely available and maintained for this very purpose. Once you complete the entire process, not only will you be prepared to test for the most damaging Web exploits, you will also be prepared to conduct more advanced Web hacks that mandate a strong base of knowledge.

Genres: Hackers, Technology, Technical

160 pages, Paperback

First published June 18, 2013

Reviews

[Paul · Rating 4 out of 5]

Pretty quick read, and written in an approachable style. As you might expect, many of the URLs mentioned in the book are already dated. No idea how accurate the information in the book actually is, but it seemed a good overview of at least some of the issues involved in web security.

[Chetan Singh · Rating 3 out of 5]

As the title suggest "The Basics of web hacking" the author has tried to cover all the basic knowledge on the topic web hacking the content and examples are good and is easy to understand, this book is help full for beginners who want start learning about web hacking.