"It was a wonderful experience interacting with you and appreciate the way you have planned and executed the whole publication process within the agreed timelines.”
Subrat SaurabhAuthor of Kuch Woh Pal
Burp Suite is an integrated platform/graphical tool for performing security testing of web applications.
Various examples are outlined in this report for different types of vulnerabilities such as: SQL injection, Cross Site Request Forgery (CSRF), Cross-site scripting, File upload, Local and Remote File Inclusion. I tested various types of penetration testing tools in order to exploit different types of vulnerabilities. The report consists from the following parts:
1. Installing and Configuring BurpSuite
2. BurpSuite Intruder.
3. Installing XMAPP and DVWA App in Windows System.
4. Installing PHP, MySQL, Apache2, Python and DVWA App in Kali Linux.
5. Scanning Kali-Linux and Windows Using .
6. Understanding Netcat, Reverse Shells and Bind Shells.
7. Adding Burps Certificate to Browser.
8. Setting up Target Scope in BurpSuite.
9. Scanning Using BurpSuite.
10. Scan results for SQL Injection Vulnerability with BurpSuite and Using SQLMAP to Exploit the SQL injection.
11. Scan Results for Operating System Command Injection Vulnerability with BurpSuite and Using Commix to Exploit the OS Command Injection.
12. Scan Results for Cross Side Scripting (XSS) Vulnerability with BurpSuite, Using Xserve to exploit XSS Injection and Stealing Web Login Session Cookies through the XSS Injection.
13. Exploiting File Upload Vulnerability.
14: Exploiting Cross Site Request Forgery (CSRF) Vulnerability.
15. Exploiting File Inclusion Vulnerability.
16. References.
Dr. Hidaia Mahmood Alassouli
I am Dr. Hidaia Mahmood Mohamed Alassouli. I completed my PhD degree in Electrical Engineering from Czech Technical University by February 2003, and my M. Sc. degree in Electrical Engineering from Bahrain University by June 1995. I completed also one study year of most important courses in telecommunication and computer engineering courses in Islamic university in Gaza. So, I covered most important subjects in Electrical Engineering, Computer Engineering and Telecommunications Engineering during my study. My nationality is Palestinian from Gaza Strip.
I obtained a lot of certified courses in MCSE, SPSS, Cisco (CCNA), A+, Linux.
I worked as Electrical, Telecommunicating and Computer Engineer in a lot of institutions. I worked also as a computer networking administrator.
I had considerable undergraduate teaching experience in several types of courses in many universities. I handled teaching the most important subjects in Electrical and Telecommunication and Computer Engineering.
I could publish a lot of papers a top-tier journals and conference proceedings, besides I published a lot of books in Publishing and Distribution houses.
I wrote a lot of important Arabic articles on online news websites. I also have my own magazine website that I publish on it all my articles: http://www.anticorruption.000space.com
I am an Author publishing books on kdp.amazon.comand many other book stores such as Google, Apple.com, writinglife.kobo.com, Lulu.com, feiyr.com, blurb.com, bookrix.com, barnesandnoble.com, notionpress.com, ingramspark.com and others .
My personal website: http://www.hidaia-alassouli.000space.com
My Amazon Author Central: https://www.amazon.com/-/e/B07BH5HS7L
Email: hidaia_alassouli@hotmail.com
