Overview
The Basics of Web Hacking introduces you to a tool-driven process to identify the most widespread Web application vulnerabilities. Web apps are a "path of least resistance" that can be exploited to cause the most damage, with the lowest hurdles to overcome. This book introduces not only theory and practical information related to these vulnerabilities, but also the detailed configuration and use of widely available tools. The Basics of Web Hacking offers a simple and clean explanation of how to use tools such as Burp Suite, sqlmap, and Zed Attack Proxy (ZAP), as well as basic network scanning tools such as nmap, Nikto, Nessus, Metasploit, John the Ripper, web shells, and netcat. Josh Pauli teaches software security at Dakota State University and has presented to the U.S. Department of Homeland Security, the NSA, BlackHat Briefings, and Defcon. He leads you through a focused, three-part approach to Web security, including hacking the server, the Web app, and the Web user. With his approach, you will fully understand the what/where/why/how of the most widespread Web vulnerabilities and how they can be exploited with the correct tools. You will learn how to set up a safe environment to conduct these attacks, including an attacker Virtual Machine (VM) with all necessary tools and known-vulnerable Web application VMs that are widely available and maintained for this purpose. Once you complete the process you will be prepared to test for the most damaging Web exploits and to conduct more advanced Web hacks.