Search icon Close icon
Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Checkout

Change country

Modal Close icon
Country selected Country selected
country flag United States
Country selected
country flag Great Britain
Country selected
country flag India
Country selected
country flag Germany
Country selected
country flag France
Country selected
country flag Canada
Country selected
country flag Russia
Country selected
country flag Spain
Country selected
country flag Brazil
Country selected
country flag Australia
Country selected
country flag South Africa
Country selected
country flag Thailand
Country selected
country flag Ukraine
Country selected
country flag Switzerland
Country selected
country flag Slovakia
Country selected
country flag Luxembourg
Country selected
country flag Hungary
Country selected
country flag Romania
Country selected
country flag Denmark
Country selected
country flag Ireland
Country selected
country flag Estonia
Country selected
country flag Belgium
Country selected
country flag Italy
Country selected
country flag Finland
Country selected
country flag Cyprus
Country selected
country flag Lithuania
Country selected
country flag Latvia
Country selected
country flag Malta
Country selected
country flag Netherlands
Country selected
country flag Portugal
Country selected
country flag Slovenia
Country selected
country flag Sweden
Country selected
country flag Argentina
Country selected
country flag Colombia
Country selected
country flag Ecuador
Country selected
country flag Indonesia
Country selected
country flag Mexico
Country selected
country flag New Zealand
Country selected
country flag Norway
Country selected
country flag South Korea
Country selected
country flag Taiwan
Country selected
country flag Turkey
Country selected
country flag Czechia
Country selected
country flag Austria
Country selected
country flag Greece
Country selected
country flag Isle of Man
Country selected
country flag Bulgaria
Country selected
country flag Japan
Country selected
country flag Philippines
Country selected
country flag Poland
Country selected
country flag Singapore
Country selected
country flag Egypt
Country selected
country flag Chile
Country selected
country flag Malaysia
Country selected
Arrow left icon
All Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletter Hub
Free Learning
Arrow right icon
timer SALE ENDS IN
0 Days
:
00 Hours
:
00 Minutes
:
00 Seconds
Arrow up icon
GO TO TOP
Web Penetration Testing with Kali Linux

You're reading from   Web Penetration Testing with Kali Linux Explore the methods and tools of ethical hacking with Kali Linux

Arrow left icon
Product type Paperback
Published in Feb 2018
Publisher
ISBN-13 9781788623377
Length 426 pages
Edition 3rd Edition
Tools
Concepts
Arrow right icon
Authors (3):
Arrow left icon
Dieterle Dieterle
Author Profile Icon Dieterle
Dieterle
Daniel W. Dieterle, with over 20 years in IT, has evolved from a system and network support role to a dedicated Computer Security Researcher and Author. His expertise, honed in diverse environments like corporate data centers and Ivy League schools, is reflected in his Kali Linux-based books, widely used globally for security training in universities, government, and private sectors. He has contributed to numerous technical books, articles, and security training classes, and is passionate about mentoring newcomers in the field.
Read more
See other products by Dieterle
Gilberto Najera-Gutierrez Gilberto Najera-Gutierrez
Author Profile Icon Gilberto Najera-Gutierrez
Gilberto Najera-Gutierrez
Gilberto Najera-Gutierrez is an experienced penetration tester currently working for one of the top security testing service providers in Australia. He obtained leading security and penetration testing certifications, namely Offensive Security Certified Professional (OSCP), EC-Council Certified Security Administrator (ECSA), and GIAC Exploit Researcher and Advanced Penetration Tester (GXPN).
Read more
See other products by Gilberto Najera-Gutierrez
Juned Ahmed Ansari Juned Ahmed Ansari
Author Profile Icon Juned Ahmed Ansari
Juned Ahmed Ansari
Juned Ahmed Ansari is a cyber security researcher based out of Mumbai. He currently leads the penetration testing and offensive security team in a prodigious MNC. Juned has worked as a consultant for large private sector enterprises, guiding them on their cyber security program. He has also worked with start-ups, helping them make their final product secure. Juned has conducted several training sessions on advanced penetration testing, which were focused on teaching students stealth and evasion techniques in highly secure environments. His primary focus areas are penetration testing, threat intelligence, and application security research.
Read more
See other products by Juned Ahmed Ansari
Arrow right icon
View More author details
Toc

Table of Contents (19) Chapters Close

Title Page
Copyright and Credits
Dedication
Packt Upsell
Contributors
Preface
1. Introduction to Penetration Testing and Web Applications FREE CHAPTER 2. Setting Up Your Lab with Kali Linux 3. Reconnaissance and Profiling the Web Server 4. Authentication and Session Management Flaws 5. Detecting and Exploiting Injection-Based Flaws 6. Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities 7. Cross-Site Request Forgery, Identification, and Exploitation 8. Attacking Flaws in Cryptographic Implementations 9. AJAX, HTML5, and Client-Side Attacks 10. Other Common Security Flaws in Web Applications 11. Using Automated Scanners on Web Applications 1. Other Books You May Enjoy Index

Preventing and mitigating Cross-Site Scripting

As with any other injection vulnerability, a proper input validation is the first line of defense in order to prevent XSS. Also, if possible, avoid using user inputs as output information. Sanitization and encoding are key aspects of preventing XSS.

Sanitization means removing inadmissible characters from the string. This is useful when no special characters should exist in input strings.

Encoding converts special characters to their HTML code representation. For example, & to &amp; or < to &lt;. Some types of applications may need to allow the use of special characters in input strings. For those applications, sanitization is not an option. Thus, they should encode the output data before inserting it into the page and storing it in the database.

The validation, sanitization, and encoding processes must be done on both the client side and the server side in order to prevent all types of XSS and other code injections.

Note

More information...

lock icon The rest of the chapter is locked
arrow left Previous Section
Section 5 of 6
Next Section arrow right
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at £13.99/month. Cancel anytime

Authors (3)

Left arrow icon
Profile icon Dieterle
Dieterle
Daniel W. Dieterle, with over 20 years in IT, has evolved from a system and network support role to a dedicated Computer Security Researcher and Author. His expertise, honed in diverse environments like corporate data centers and Ivy League schools, is reflected in his Kali Linux-based books, widely used globally for security training in universities, government, and private sectors. He has contributed to numerous technical books, articles, and security training classes, and is passionate about mentoring newcomers in the field.
Read more
See other products by Dieterle
Profile icon Gilberto Najera-Gutierrez
Gilberto Najera-Gutierrez
Gilberto Najera-Gutierrez is an experienced penetration tester currently working for one of the top security testing service providers in Australia. He obtained leading security and penetration testing certifications, namely Offensive Security Certified Professional (OSCP), EC-Council Certified Security Administrator (ECSA), and GIAC Exploit Researcher and Advanced Penetration Tester (GXPN).
Read more
See other products by Gilberto Najera-Gutierrez
Profile icon Juned Ahmed Ansari
Juned Ahmed Ansari
Juned Ahmed Ansari is a cyber security researcher based out of Mumbai. He currently leads the penetration testing and offensive security team in a prodigious MNC. Juned has worked as a consultant for large private sector enterprises, guiding them on their cyber security program. He has also worked with start-ups, helping them make their final product secure. Juned has conducted several training sessions on advanced penetration testing, which were focused on teaching students stealth and evasion techniques in highly secure environments. His primary focus areas are penetration testing, threat intelligence, and application security research.
Read more
See other products by Juned Ahmed Ansari
Right arrow icon

Other recommended products

Related to this chapter
Left arrow icon
Kali Linux Web Penetration Testing Cookbook
Kali Linux Web Penetration Testing Cookbook
Read more
Kali Linux is the most popular open-source penetration toolkit used for effective web penetration testing. This book will teach you, in the form of step-by-step recipes, how to detect a wide array of vulnerabilities, exploit them to analyze their consequences, and ultimately buffer attackable surfaces so applications are more secure.
Read more
Aug 2018 13h 28m
Burp Suite Cookbook
Burp Suite Cookbook
Read more
The purpose of the Burp Suite Cookbook is to provide web application penetration testers with hands-on examples of how to use Burp Suite to perform web assessments. The book gives detailed screenshots demonstrating how to perform various attacks in Burp including Cross-site Scripting (XSS), SQL Injection, Cross-site Request Forgery, XML External Entity (XXE), and many more.
Read more
Sep 2018 11h 56m
Hands-On Application Penetration Testing with Burp Suite
Hands-On Application Penetration Testing with Burp Suite
Read more
Using Burp Suite, you can quickly build proof of concepts, extract data via an exploit, attack multiple end points in an application and even begin to script complex multi stage attacks. This book will provide a hands-on coverage on how you can get started with executing an application penetration test and be sure of the results.
Read more
Feb 2019 12h 12m
Learning Python Web Penetration Testing
Learning Python Web Penetration Testing
Read more
This book will walk you through the web application penetration testing methodology, showing you how to write your own tools with Python for every main activity in the process. It will show you how to test for security vulnerabilities in web applications just like security professionals and hackers do.
Read more
Jun 2018 4h 36m
Learn Kali Linux 2019
Learn Kali Linux 2019
Read more
The current trend of various hacking and security breaches displays how important it has become to pentest your environment, to ensure end point protection. This book will take you through the latest version of Kali Linux to efficiently deal with various crucial security aspects such as confidentiality, integrity, access control and authentication.
Read more
Nov 2019 18h 20m
Bug Bounty Hunting Essentials
Bug Bounty Hunting Essentials
Read more
Bug Bounty hunting is a new method which companies use to test their applications. There is no dedicated methodology in place right now to help researchers upskill themselves and become bug bounty hunters, that is why there is ambiguity as to what the field is about, the book solves that problem. The book allows readers to train themselves as bug bounty hunters to excel in the field of application security.
Read more
Nov 2018 9h 0m
Practical Security Automation and Testing
Practical Security Automation and Testing
Read more
Security automation is the automatic handling of software security assessments tasks. This book helps you to build your security automation framework to scan for vulnerabilities without human intervention.
Read more
Feb 2019 8h 32m
Kali Linux Intrusion and Exploitation Cookbook
Kali Linux Intrusion and Exploitation Cookbook
Read more
Born from it predecessor, Kali Linux 2.0 is the most popular Linux distribution designed for security professionals who build defensive strategies around their systems with an offensive mindset. This book aims at introducing you to the most common and not -so- common pre-installed penetration testing tools and create custom complex images in the form of easy to follow recipes. Right Information gathering, vulnerability assessment & penetration testing for Web, wired and wireless Network this book will help you get grips on exploiting vulnerabilities in your system and fix those security anomalies in no time.
Read more
Apr 2017 17h 4m
SQL Injection Strategies
SQL Injection Strategies
Read more
Web Application Security is a relevant aspect nowadays. Many operations and transactions happen every day on the Worldwide Web, often relying on Databases. SQL Injection Strategies will both show you SQL injection in action, alongside defensive measures. The book also deals with SQL Injection scenarios in the IoT and mobile environments
Read more
Jul 2020 7h 0m
Hands-On Web Penetration Testing with Metasploit
Hands-On Web Penetration Testing with Metasploit
Read more
Metasploit is one of the best frameworks used for enumeration and exploitation of vulnerabilities. This book will not only give you a practical understanding of Metasploit but will also cover some less known modules and auxiliaries for pentesting Web Applications.
Read more
May 2020 18h 8m
Learn Penetration Testing
Learn Penetration Testing
Read more
A penetration test, also known as a pen test, is a simulated cyberattack against your computer system to check for exploitable vulnerabilities. In the context of web application security, penetration testing is commonly used to augment a web application firewall (WAF). This book teaches you various penetration testing techniques in order to become a proficient Penetration tester.
Read more
May 2019 14h 8m
ASP.NET Core 5 Secure Coding Cookbook
ASP.NET Core 5 Secure Coding Cookbook
Read more
There are various ways to fix an ASP.NET Core web application security flaw. However, very few books share expert advice relating to which approaches work best for ASP.NET Core apps – unlike this book. The ASP.NET Core Secure Coding Cookbook is your guide to tackling the most common ASP.NET Core web application vulnerabilities.
Read more
Jul 2021 10h 48m
Right arrow icon
Visually different images

Personalised recommendations for you

Based on your interests and search pattern
Left arrow icon
Cloud Security Handbook
Cloud Security Handbook
Read more
This book provides complete coverage of every cloud security aspect—from initial design to ongoing maintenance. Packed with best practices, it helps you smoothly transition to the public cloud, while keeping your environments secure and compliant.
Read more
Apr 2025 16h 4m
CompTIA CySA+ (CS0-003) Certification Guide
CompTIA CySA+ (CS0-003) Certification Guide
Read more
Prepare for CompTIA CySA+ (CS0-003) exam with this study guide—covering security ops, incident response, and vulnerability management in depth to level up your cybersecurity career. Includes exam-style questions, 2 practice tests, and flashcards.
Read more
Apr 2025 24h 44m
Cyber Security Kill Chain - Tactics and Strategies
Cyber Security Kill Chain - Tactics and Strategies
Read more
Learn how the cyber kill chain, a structured model that outlines the stages of a cyberattack, guides you through understanding threat actor behaviors and bolstering their ability to defend against evolving cyber threats.
Read more
May 2025 10h 16m
Right arrow icon