Learning Python Web Penetration Testing
Automate web penetration testing activities using Python
Christian Martorella
- 138 pages
- English
- ePUB (mobile friendly)
- Available on iOS & Android
Learning Python Web Penetration Testing
Automate web penetration testing activities using Python
Christian Martorella
About This Book
Leverage the simplicity of Python and available libraries to build web security testing tools for your application
Key Features
- Understand the web application penetration testing methodology and toolkit using Python
- Write a web crawler/spider with the Scrapy library
- Detect and exploit SQL injection vulnerabilities by creating a script all by yourself
Book Description
Web penetration testing is the use of tools and code to attack a website or web app in order to assess its vulnerability to external threats. While there are an increasing number of sophisticated, ready-made tools to scan systems for vulnerabilities, the use of Python allows you to write system-specific scripts, or alter and extend existing testing tools to find, exploit, and record as many security weaknesses as possible. Learning Python Web Penetration Testing will walk you through the web application penetration testing methodology, showing you how to write your own tools with Python for each activity throughout the process. The book begins by emphasizing the importance of knowing how to write your own tools with Python for web application penetration testing. You will then learn to interact with a web application using Python, understand the anatomy of an HTTP request, URL, headers and message body, and later create a script to perform a request, and interpret the response and its headers. As you make your way through the book, you will write a web crawler using Python and the Scrappy library. The book will also help you to develop a tool to perform brute force attacks in different parts of the web application. You will then discover more on detecting and exploiting SQL injection vulnerabilities. By the end of this book, you will have successfully created an HTTP proxy based on the mitmproxy tool.
What you will learn
- Interact with a web application using the Python and Requests libraries
- Create a basic web application crawler and make it recursive
- Develop a brute force tool to discover and enumerate resources such as files and directories
- Explore different authentication methods commonly used in web applications
- Enumerate table names from a database using SQL injection
- Understand the web application penetration testing methodology and toolkit
Who this book is for
Learning Python Web Penetration Testing is for web developers who want to step into the world of web application security testing. Basic knowledge of Python is necessary.
Frequently asked questions
Information
Interacting with Web Applications
- HTTP protocol basics
- Anatomy of an HTTP request
- Interacting with a web app using the requests library
- Analyzing HTTP responses
HTTP protocol basics
What is HTTP and how it works?
- HTTP/1.0: This uses a new connection for each request/response transaction
- HTTP/1.1: This is where the connection can be used by one or more request response transactions
- HEAD: This will only return the headers and the status code without its content
- GET: This is the standard method used to retrieve resource content given a URI
- POST: This is a method used to submit content to the server, form data, files, and so on
- OPTIONS: This provides the communication options for the target resource
- PUT: This requests to store a resource identified by the given URI
- DELETE: This removes all representations of the target resource identified by the given URI
- TRACE: This method echoes the received request so that the client can see what changes or editions have been made by intermediate servers
- CONNECT: This establishes a tunnel to the server identified by a given URI used by HTTPS
- PATCH: This method applies partial modifications to a resource