Python: Penetration Testing for Developers by Dave Mound
Author: Dave Mound
Category: Engineering & IT
ISBN: 9781787120976
Publisher: Packt Publishing
File Size: 24.98 MB
Synopsis
Key Features
- Sharpen your pentesting skills with Python
- Develop your fluency with Python to write sharper scripts for rigorous security testing
- Get stuck into some of the most powerful tools in the security world

Book Description
Cybercriminals are always one step ahead when it comes to tools and techniques. This means you need to use the same tools and adopt the same mindset to properly secure your software. This course shows you how to do just that, demonstrating how effective Python can be for powerful pentesting that keeps your software safe. The course comprises three key modules; follow each one to push your Python and security skills to the next level.

In the first module, we'll show you how to get to grips with the fundamentals. This means you'll quickly find out how to tackle some of the common challenges facing pentesters using custom Python tools designed specifically for your needs. You'll also learn what tools to use and when, giving you complete confidence when deploying your pentester tools to combat any potential threat.

In the next module you'll begin hacking into the application layer. Covering everything from parameter tampering, DDoS, XSS and SQL injection, it will build on the knowledge and skills you learned in the first module to make you an even more fluent security expert.

Finally, in the third module, you'll find more than 60 Python pentesting recipes. We think this will soon become your trusted resource for any pentesting situation.

This Learning Path combines some of the best that Packt has to offer in one complete, curated package.
It includes content from the following Packt products:
- Learning Penetration Testing with Python by Christopher Duffy
- Python Penetration Testing Essentials by Mohit
- Python Web Penetration Testing Cookbook by Cameron Buchanan, Terry Ip, Andrew Mabbitt, Benjamin May and Dave Mound

What you will learn
- Familiarize yourself with the generation of Metasploit resource files and use the Metasploit Remote Procedure Call to automate exploit generation and execution
- Exploit the Remote File Inclusion to gain administrative access to systems with Python and other scripting languages
- Crack an organization's Internet perimeter and chain exploits to gain deeper access to an organization's resources
- Explore wireless traffic with the help of various programs and perform wireless attacks with Python programs
- Gather passive information from a website using automated scripts and perform XSS, SQL injection, and parameter tampering attacks
- Develop complicated header-based attacks through Python

About the Author
Christopher Duffy currently leads cybersecurity and penetration testing engagements globally. He has a specialization in advanced technical testing, including penetration testing and security assessment done to evaluate an organization's security strategy from a malicious actor's perspective. He has worked a lot with both network and system engineering teams to evaluate critical system data flows, and identified areas where controls can be put in place to prevent a breach of sensitive or critical data. His work with multiple organizations has been key to protecting resources based on the information they have held, which has helped reduce risks while maintaining resilient and cost-effective security postures.

Chris has over 12 years of experience in the information technology and security areas, including security consultation, with a focus on business risk. He has helped build advanced attack and penetration teams.
The work that his teams have done has encompassed everything from threat modeling and penetration tests to firewall reviews and FedRAMP readiness assessments.

Chris has led, managed, and executed over 400 engagements for Fortune 500 companies, U.S. government entities, medical providers and payers, educational institutes, financial services, research organizations, and cloud providers. For almost a decade prior to private sector work, Chris was a cyber warfare specialist, senior systems engineer, and network infrastructure supervisor for the United States Air Force (USAF).

He has been honored with numerous technical and leadership awards. Some of these include the (ISC)2 Information Security Leadership Award (ISLA) for the information security practitioner category in 2013, the noncommissioned officer of the year (both at the base and wing levels) in 2011, and the top technician within the cyber transport career field for the United States Air Force (USAF) Intelligence Surveillance and Reconnaissance Agency. He is a distinguished graduate of USAF network warfare training and has publications to his credit in SANS Reading Room, Hackin9 magazine, eForensics magazine and PenTest magazine. He holds 23 certifications, a degree in computer science, and a master's degree in information security and assurance.

Mohit (mohitraj.cs@gmail.com) is a Python programmer with a keen interest in the field of information security. He has completed his Bachelor's in technology in computer science from Kurukshetra University, Kurukshetra, and Master's in engineering (2012) in computer science from Thapar University, Patiala. He is a C|EH, ECSA from EC-Council USA and former IBMer. He has published several articles in national and international magazines. He is the author of Python Penetration Testing Essentials, also by Packt Publishing. His LinkedIn profile is https://in.linkedin.com/in/mohit-raj-990a852a.

Cameron Buchanan is a penetration tester by trade and a writer in his spare time.
He has performed penetration tests around the world for a variety of clients across many industries. Previously, he was a member of the RAF. In his spare time, he enjoys doing stupid things, such as trying to make things fly, getting electrocuted, and dunking himself in freezing cold water. He is married and lives in London.

Terry Ip is a security consultant. After nearly a decade of learning how to support IT infrastructure, he decided that it would be much more fun learning how to break it instead. He is married and lives in Buckinghamshire, where he tends to his chickens.

Andrew Mabbitt is a penetration tester living in London, UK. He spends his time beating down networks, mentoring, and helping newbies break into the industry. In his free time, he loves to travel, break things, and master the art of sarcasm.

Benjamin May is a security test engineer from Cambridge. He studied computing for business at Aston University. With a background in software testing, he recently combined this with his passion for security to create a new role in his current company. He has a broad interest in security across all aspects of the technology field, from reverse engineering embedded devices to hacking with Python and participating in CTFs. He is a husband and a father.

Dave Mound is a security consultant. He is a Microsoft Certified Application Developer but spends more time developing Python programs these days. He has been studying information security since 1994 and holds the following qualifications: C|EH, SSCP, and MCAD. He recently studied for OSCP certification but is still to appear for the exam. He enjoys talking and presenting and is keen to pass on his skills to other members of the cyber security community. When not attached to a keyboard, he can be found tinkering with his 1978 Chevrolet Camaro.
He once wrestled a bear and was declared the winner by omoplata.

Table of Contents
- Understanding the Penetration Testing Methodology
- The Basics of Python Scripting
- Identifying Targets with Nmap, Scapy, and Python
- Executing Credential Attacks with Python
- Exploiting Services with Python
- Assessing Web Applications with Python
- Cracking the Perimeter with Python
- Exploit Development with Python, Metasploit, and Immunity
- Automating Reports and Tasks with Python
- Adding Permanency to Python Tools
- Python with Penetration Testing and Networking
- Scanning Pentesting
- Sniffing and Penetration Testing
- Wireless Pentesting
- Foot Printing of a Web Server and a Web Application
- Client-side and DDoS Attacks
- Pentesting of SQLI and XSS
- Gathering Open Source Intelligence
- Enumeration
- Vulnerability Identification
- SQL Injection
- Web Header Manipulation
- Image Analysis and Manipulation
- Encryption and Encoding
- Payloads and Shells
- Reporting
- Bibliography