Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering Kali Linux for Web Penetration Testing

You're reading from   Mastering Kali Linux for Web Penetration Testing The ultimate defense against complex organized threats and attacks

Arrow left icon
Product type Paperback
Published in Jun 2017
Publisher Packt
ISBN-13 9781784395070
Length 338 pages
Edition 1st Edition
Languages
Arrow right icon
Author (1):
Arrow left icon
Michael McPhee Michael McPhee
Author Profile Icon Michael McPhee
Michael McPhee
Arrow right icon
View More author details
Toc

Table of Contents (13) Chapters Close

Preface 1. Common Web Applications and Architectures FREE CHAPTER 2. Guidelines for Preparation and Testing 3. Stalking Prey Through Target Recon 4. Scanning for Vulnerabilities with Arachni 5. Proxy Operations with OWASP ZAP and Burp Suite 6. Infiltrating Sessions via Cross-Site Scripting 7. Injection and Overflow Testing 8. Exploiting Trust Through Cryptography Testing 9. Stress Testing Authentication and Session Management 10. Launching Client-Side Attacks 11. Breaking the Application Logic 12. Educating the Customer and Finishing Up

Summary

Since this is a book on mastering Kali Linux for the purposes of conducting web application penetration tests, it may have come as a surprise that we started with foundational topics such as the architecture, security elements, and so on. It is my hope that covering these topics will help set us apart from the script-kiddies that often engage in pen testing but offer minimal value. Anyone can fire up Kali Linux or some other distribution and begin hacking away, but without this foundation, our tests run the risk of being incomplete or inaccurate. Our gainful employment is dependent on actually helping the customer push their network to their (agreed upon) limits and helping them see their weaknesses. Likewise, we should also be showing them what they are doing right. John Strand, owner and analyst at Black Hills Information Security, is fond of saying that we should strive to get caught after being awesome.

While the knowledge of the tools and underlying protocols is often what sets a serious hacker apart from a newbie, it is also the knowledge of their quarry and the depth of the service they provide. If we are merely running scripts for the customer and reporting glaring issues, we are missing the point of being a hired penetration tester. Yes, critical flaws need to be addressed, but so do the seemingly smaller ones. It takes an expert to detect a latent defect that isn't impacting the performance now but will result in a major catastrophe some time later. This not only holds true for power plants, but for our web applications. We need to not just show them what they can see on their own, but take it further to help them insulate against tomorrow's attacks.

In this chapter, we discussed some architectural concepts that may help us gain better insight into our targets. We also discussed the various security measures our customers can put into place that we will need to be aware of, both to plan our attacks and to test for efficacy. Our discussion also covered the importance of testing throughout the lifecycle of the application. Doing this saves both time and money, and can certainly save the reputation and minimize risk once the application is in production. These considerations should merit having penetration testers as a vital and permanent member of any development team.

In our next chapter, we will talk briefly about how to prepare a fully featured sandbox environment that can help us practice the test concepts. We'll also discuss the leading test frameworks that can help us provide comprehensive test coverage. Lastly, we'll discuss contracts and the ethical and legal aspects of our job; staying out of jail is a key objective.

You have been reading a chapter from
Mastering Kali Linux for Web Penetration Testing
Published in: Jun 2017
Publisher: Packt
ISBN-13: 9781784395070
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image