Learning Python Web Penetration Testing
Automate web penetration testing activities using Python
Seiten
2018
Packt Publishing Limited (Verlag)
978-1-78953-397-2 (ISBN)
Packt Publishing Limited (Verlag)
978-1-78953-397-2 (ISBN)
This book will walk you through the web application penetration testing methodology, showing you how to write your own tools with Python for every main activity in the process. It will show you how to test for security vulnerabilities in web applications just like security professionals and hackers do.
Leverage the simplicity of Python and available libraries to build web security testing tools for your application
Key Features
Understand the web application penetration testing methodology and toolkit using Python
Write a web crawler/spider with the Scrapy library
Detect and exploit SQL injection vulnerabilities by creating a script all by yourself
Book DescriptionWeb penetration testing is the use of tools and code to attack a website or web app in order to assess its vulnerability to external threats. While there are an increasing number of sophisticated, ready-made tools to scan systems for vulnerabilities, the use of Python allows you to write system-specific scripts, or alter and extend existing testing tools to find, exploit, and record as many security weaknesses as possible. Learning Python Web Penetration Testing will walk you through the web application penetration testing methodology, showing you how to write your own tools with Python for each activity throughout the process. The book begins by emphasizing the importance of knowing how to write your own tools with Python for web application penetration testing. You will then learn to interact with a web application using Python, understand the anatomy of an HTTP request, URL, headers and message body, and later create a script to perform a request, and interpret the response and its headers. As you make your way through the book, you will write a web crawler using Python and the Scrappy library. The book will also help you to develop a tool to perform brute force attacks in different parts of the web application. You will then discover more on detecting and exploiting SQL injection vulnerabilities. By the end of this book, you will have successfully created an HTTP proxy based on the mitmproxy tool.
What you will learn
Interact with a web application using the Python and Requests libraries
Create a basic web application crawler and make it recursive
Develop a brute force tool to discover and enumerate resources such as files and directories
Explore different authentication methods commonly used in web applications
Enumerate table names from a database using SQL injection
Understand the web application penetration testing methodology and toolkit
Who this book is forLearning Python Web Penetration Testing is for web developers who want to step into the world of web application security testing. Basic knowledge of Python is necessary.
Leverage the simplicity of Python and available libraries to build web security testing tools for your application
Key Features
Understand the web application penetration testing methodology and toolkit using Python
Write a web crawler/spider with the Scrapy library
Detect and exploit SQL injection vulnerabilities by creating a script all by yourself
Book DescriptionWeb penetration testing is the use of tools and code to attack a website or web app in order to assess its vulnerability to external threats. While there are an increasing number of sophisticated, ready-made tools to scan systems for vulnerabilities, the use of Python allows you to write system-specific scripts, or alter and extend existing testing tools to find, exploit, and record as many security weaknesses as possible. Learning Python Web Penetration Testing will walk you through the web application penetration testing methodology, showing you how to write your own tools with Python for each activity throughout the process. The book begins by emphasizing the importance of knowing how to write your own tools with Python for web application penetration testing. You will then learn to interact with a web application using Python, understand the anatomy of an HTTP request, URL, headers and message body, and later create a script to perform a request, and interpret the response and its headers. As you make your way through the book, you will write a web crawler using Python and the Scrappy library. The book will also help you to develop a tool to perform brute force attacks in different parts of the web application. You will then discover more on detecting and exploiting SQL injection vulnerabilities. By the end of this book, you will have successfully created an HTTP proxy based on the mitmproxy tool.
What you will learn
Interact with a web application using the Python and Requests libraries
Create a basic web application crawler and make it recursive
Develop a brute force tool to discover and enumerate resources such as files and directories
Explore different authentication methods commonly used in web applications
Enumerate table names from a database using SQL injection
Understand the web application penetration testing methodology and toolkit
Who this book is forLearning Python Web Penetration Testing is for web developers who want to step into the world of web application security testing. Basic knowledge of Python is necessary.
Christian Martorella has been working in the field of information security for the last 18 years and is currently leading the product security team for Skyscanner. Earlier, he was the principal program manager in the Skype product security team at Microsoft. His current focus is security engineering and automation. He has contributed to open source security testing tools such as Wfuzz, theHarvester, and Metagoofil, all included in Kali, the penetration testing Linux distribution.
Table of Contents
Introduction to Web Application Penetration Testing
Interacting with Web Applications
Web Crawling with Scrapy – Mapping the Application
Discovering resources
Password Testing
Detecting and Exploiting SQL Injection Vulnerabilities
Intercepting HTTP Requests
| Erscheinungsdatum | 09.07.2018 |
|---|---|
| Verlagsort | Birmingham |
| Sprache | englisch |
| Maße | 75 x 93 mm |
| Themenwelt | Informatik ► Netzwerke ► Sicherheit / Firewall |
| Mathematik / Informatik ► Informatik ► Programmiersprachen / -werkzeuge | |
| ISBN-10 | 1-78953-397-X / 178953397X |
| ISBN-13 | 978-1-78953-397-2 / 9781789533972 |
| Zustand | Neuware |
| Haben Sie eine Frage zum Produkt? |
Mehr entdecken
aus dem Bereich
aus dem Bereich
Das Lehrbuch für Konzepte, Prinzipien, Mechanismen, Architekturen und …
Buch | Softcover (2022)
Springer Vieweg (Verlag)
CHF 48,95
Konzepte – Verfahren – Protokolle
Buch | Hardcover (2023)
De Gruyter Oldenbourg (Verlag)
CHF 132,90
