I started reading the book Web Penetration Testing with Kali Linux, Second Edition today, and am making some notes on it.
- Ethical hacking
- Penetration testing
- Vulnerability assessment
- Security audits
- Black box testing or Gray box testing
- Client contact details
- Client IT Team notifications
- Sensitive data handling
- Status meeting
- Limitation of skills
- Limitation of time
- Limitation of custom exploits
- Avoiding DoS attacks
- Limitation of access
- Limitations of tools used
- Protecting customer data
- Compliance with law and regulation
- Loss of reputation
- Revenue loss
- Protection against business disruption
- E-mail Spoofing
- Telephone attacks
- Dumpster diving
- Malicious USB drives
- HTTP protocol
- Headers in HTTP
- Session tracking using cookies
- Architecture of web applications
- Status Code: A full list of HTTP status codes can be found in
- Set Cookie
- Server: displays useful information about the web server hosting the website
The exhaustive list of all the header fields and their usage can be found at the
- HEAD: The server responds with only the HTTP headers, without sending any payload. Can be used to quickly identify the type of server.
- TRACE: The server bounces back the TRACE response with the original request message in the body of the response. It can be used to check what request the server received, and to identify any alterations made to the request by intermediary devices such as proxy servers and firewalls. The IIS server has a TRACK method, which is the same as the TRACE method. Related attack: cross-site tracing (XST), which can steal a user's cookies.
- OPTIONS: Queries the server for the methods that it supports.
Cookies can be divided into two main categories: persistent and non-persistent cookies.
If you are using Windows 7, you can find persistent cookies in the following path:
- Internet Explorer: C:\Users\username\AppData\Roaming\Microsoft\Windows\Cookies. The cookies are stored in text files.
- Google Chrome: C:\Users\Juned\AppData\Local\Google\Chrome\User Data\Default\cookies. The cookies are stored in a single SQLite3 database. Besides, we can also view cookies in the browser, by simply typing in
- Domain: specifies the domain to which the cookie would be sent.
- Path: used with the Domain, specifies the cookie's scope.
- Secure: if this parameter is set, the cookie is only sent over SSL.
- Expires: the cookie will be stored until the time specified in this parameter.
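The cookie parameters above determine where a cookie is sent and whether it is persistent. The following Python sketch is an added example (not from the book) that parses `Set-Cookie` header values and reports what each parameter implies for a reviewer; the function names and the sample headers are constructed for illustration.

```python
from email.utils import parsedate_to_datetime

def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into name, value and attributes."""
    first, *rest = [p.strip() for p in header_value.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # flags such as Secure map to ""
    return name.strip(), value.strip(), attrs

def audit_cookie(header_value):
    """Return (name, kind, findings) for one Set-Cookie header value."""
    name, _value, attrs = parse_set_cookie(header_value)
    findings = []
    kind = "non-persistent"  # no Expires: the cookie lasts for the session only
    if "expires" in attrs:
        kind = "persistent"
        try:
            when = parsedate_to_datetime(attrs["expires"])
            findings.append(f"written to disk until {when:%Y-%m-%d}")
        except (TypeError, ValueError):
            findings.append("unparseable Expires value")
    if "secure" not in attrs:
        findings.append("no Secure flag: also sent over plain HTTP")
    if "domain" in attrs:
        findings.append(f"Domain={attrs['domain']}: sent to that domain and its subdomains")
    if attrs.get("path", "/") == "/":
        findings.append("Path covers the whole site")
    return name, kind, findings

# Constructed sample headers, not taken from the book or from a real site.
SAMPLES = [
    "SESSIONID=abc123; Path=/",
    "prefs=dark; Domain=example.com; Path=/; Expires=Wed, 09 Jun 2027 10:18:14 GMT",
    "auth=tok; Path=/app; Secure",
]

if __name__ == "__main__":
    for header in SAMPLES:
        name, kind, findings = audit_cookie(header)
        print(f"{name} ({kind})")
        for finding in findings:
            print("  -", finding)
```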
- Presentation layer. Apache, Nginx, Microsoft IIS are all deployed in this layer.
- Application layer. PHP and ASP are programming languages that work at the application layer.
- Data access layer.
We focused on
03 - Web Application Analysis
- Burp proxy