Web Penetration Testing with Kali Linux: A practical guide to implementing penetration testing
strategies on websites, web applications, and standard
web protocols with Kali Linux
Introduction
Kali is a Debian-based Linux Penetration Testing arsenal used by security
professionals (and others) to perform security assessments. Kali offers a
range of toolsets customized for identifying and exploiting vulnerabilities in
systems. This book is written leveraging tools available in the Kali Linux release
of March 13th, 2013, as well as other open source applications.
Web Penetration Testing with Kali Linux is designed to be a guide for professional
Penetration Testers looking to include Kali in a web application penetration
engagement. Our goal is to identify the best Kali tool(s) for a specific assignment,
provide details on using the application(s), and offer examples of what information
could be obtained for reporting purposes based on expert field experience. Kali has
various programs and utilities; however, this book will focus on the strongest tool(s)
for a specific task at the time of publishing.
The chapters in this book are divided into tasks used in real world web application
Penetration Testing. Chapter 1, Penetration Testing and Setup, provides an overview
of Penetration Testing basic concepts, professional service strategies, background
on the Kali Linux environment, and setting up Kali for topics presented in this book.
Chapters 2 to 6 cover various web application Penetration Testing concepts, including
configuration and reporting examples, so that you can judge whether the tools
covered can accomplish your desired objective.
Chapter 7, Defensive Countermeasures, serves as a remediation source on systems
vulnerable to attacks presented in previous chapters. Chapter 8, Penetration Test
Executive Report, offers reporting best practices and samples that can serve as
templates for building executive level reports. The purpose of designing the book in
this fashion is to give the reader a guide for engaging in a web application Penetration
Test with the best possible tool(s) available in Kali, offer steps to remediate a vulnerability,
and show how captured data can be presented in a professional manner.
What this book covers
Chapter 1, Penetration Testing and Setup, covers fundamentals of building a
professional Penetration Testing practice. Topics include differentiating a
Penetration Test from other services, methodology overview, and targeting
web applications. This chapter also provides steps used to set up a Kali
Linux environment for tasks covered in this book.
Chapter 2, Reconnaissance, provides various ways to gather information about a
target. Topics include highlighting popular free tools available on the Internet as
well as Information Gathering utilities available in Kali Linux.
Chapter 3, Server Side Attacks, focuses on identifying and exploiting vulnerabilities
in web servers and applications. Tools covered are available in Kali or other open
source utilities.
Chapter 4, Client Side Attacks, targets host systems. Topics include social engineering,
exploiting host system vulnerabilities, and attacking passwords, as passwords are the most
common means of securing host systems.
Chapter 5, Attacking Authentication, looks at how users and devices authenticate to web
applications. Topics include targeting the process of managing authentication sessions,
compromising how data is stored on host systems, and man-in-the-middle attack
techniques. This chapter also briefly touches on SQL and Cross-Site Scripting attacks.
Chapter 6, Web Attacks, explores how to take advantage of web servers and
compromise web applications using techniques such as browser exploitation, proxy
attacks, and password harvesting. This chapter also covers methods of interrupting
services using denial of service techniques.
Chapter 7, Defensive Countermeasures, provides best practices for hardening your
web applications and servers. Topics include security baselines, patch management,
password policies, and defending against attack methods covered in previous
chapters. This chapter also includes a focused forensics section, as it is important
to properly investigate a compromised asset to avoid additional negative impact.
Chapter 8, Penetration Test Executive Report, covers best practices for developing
professional post Penetration Testing service reports. Topics include an overview
of methods to add value to your deliverable, document formatting, and templates
that can be used to build professional reports.
What you need for this book
Readers should have a basic understanding of web applications, networking
concepts, and Penetration Testing methodology. This book will include detailed
examples of how to execute an attack using tools offered in Kali Linux as well as
other open source applications. It is not required but beneficial to have experience
using previous versions of Backtrack or similar programs.
Hardware requirements for building a lab environment and setting up the Kali
Linux arsenal are covered in Chapter 1, Penetration Testing and Setup.
Who this book is for
The target audience for this book is professional Penetration Testers or others
looking to make the most of Kali Linux for a web server or web application Penetration
Testing exercise. If you are looking to learn how to perform a Penetration Test against
web applications and present your findings to a customer in a professional manner, then
this book is for you.