Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Kali Linux 2018: Assuring Security by Penetration Testing Unleash the full potential of Kali Linux 2018, now with updated tools

Product type Paperback

Published in Oct 2018

Publisher

ISBN-13 9781789341768

Length 528 pages

Edition 4th Edition

Languages

Tools

Kali Linux

Concepts

Penetration Testing

Authors (7):

Alex Samm

Damian Boodoo

Tedi Heriyanto

Gerard Johansen

Shakeel Ali

Shiva V. N. Parasram

Lee Allen

+3 more

View More author details

Table of Contents (17) Chapters

Preface

1. Installing and Configuring Kali Linux

2. Setting Up Your Test Lab FREE CHAPTER

3. Penetration Testing Methodology

4. Footprinting and Information Gathering

5. Scanning and Evasion Techniques

6. Vulnerability Scanning

7. Social Engineering

8. Target Exploitation

9. Privilege Escalation and Maintaining Access

10. Web Application Testing

11. Wireless Penetration Testing

12. Mobile Penetration Testing with Kali NetHunter

13. PCI DSS Scanning and Penetration Testing

14. Tools for Penetration Testing Reporting

15. Assessments

16. Other Books You May Enjoy

Leave a review - let other readers know what you think

Summary

In this chapter, we took a look at some of the major tools used for web application testing and, by extension, cloud applications, as they are built on the same protocols and use many of the same platforms.

As you can tell, these vulnerabilities have a common root cause, that is, user input that is not sanitized or validated to ensure that the required data is being used for processing. Additionally, the exploitation of one vulnerability can allow for another to be exploited (directory traversal to file inclusion, as an example).

We looked at OWASP ZAP, Nikto, sqlmap, and Burp Suite to identify possible vulnerabilities, test for them, and exploit them. However, Kali comes with many other tools that can be used to do these tests and many can be used together.

Burp Suite and OWASP ZAP in particular are very powerful standalone tools that accomplish all that we've looked...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €18.99/month. Cancel anytime

Authors (7)

Shiva V. N. Parasram

Shiva V. N. Parasram is a cybersecurity and risk consultant with over 19 years of experience and is the executive director of the Computer Forensics and Security Institute (CFSI), which specializes in pentesting, Digital Forensics and Incident Response (DFIR), and advanced security training with a global reach. As the only Certified EC-Council Instructor (CEI) in the Caribbean, he has trained thousands and is the founder of the CFSI CyberFence program. Shiva is also the author of three other books from Packt Publishing and has delivered workshops regionally and globally for ISACA, ISC2, universities, and security agencies. He is also a Security Risk Manager Consultant for PTRMS (Canada) positioned within a global financial institution, and a cybersecurity mentor at Springboard (US).

See other products by Shiva V. N. Parasram

Ali

Shakeel Ali is a senior cybersecurity consultant at a global Fortune 500 organization. His expertise in the security industry markedly exceeds the standard number of security assessments, audits, attack simulations, SOC/CSIRC facilitation, incident response, and forensic projects that he carries out in day-to-day operations. He is an independent researcher who writes various articles and white papers to provide insights into threat intelligence, and also provides constant security support to various businesses globally.

See other products by Ali

Heriyanto

Tedi Heriyanto currently works as an information security analyst at a Fortune 500 company. He has experience of designing secure network architectures, deploying and managing enterprise-wide security systems, developing information security policies and procedures, performing various network, web, and mobile application penetration testing, and giving information security training. In his spare time, he deepens his knowledge and skills in information fields.

See other products by Heriyanto

Allen

Lee Allen is the associate director at Ohio State University. He specializes in information security, penetration testing, security research, task automation, risk management, data analysis, and 3D application development.

See other products by Allen

Boodoo

Damian Boodoo is a penetration tester and security researcher who wants to live in a world where people have safer networks and don't live in fear of evildoers. With more than 10 years' experience of working in IT, he is the co-founder of DKIT Solutions, who provide security services and other creative solutions to problems that are commonly overlooked. When he's not obsessing over zero days or finding holes in firewalls, he spend his time either tinkering with devices to see how they can be made better or pondering "is it too late to make it into e-sports?"

See other products by Boodoo

Alex Samm

Alex Samm is an IT and computer security professional with 11 years' experience. He's currently working for ESP Global Services. His roles includes system and network administrator, programmer, VMware infrastructure support engineer, and security consultant, among others, for many of the world's largest airlines and pharmaceutical companies, including Roche Diabetes, Norvatis, Ingredion, and Shire Pharmaceuticals. He holds a BSc in Computer Science and CEH, ACE, AME, and NSE, and is currently pursuing OSCP. He also lectures at the Computer Forensics and Security Institute.

See other products by Alex Samm

Gerard Johansen

Gerard Johansen is an incident response professional with over 15 years' experience in areas like penetration testing, vulnerability management, threat assessment modeling, and incident response. Beginning his information security career as a cyber crime investigator, he has built on that experience while working as a consultant and security analyst for clients and organizations ranging from healthcare to finance. Gerard is a graduate of Norwich University's Master of Science in Information Assurance program and a certified information systems security professional. He is currently employed as a senior incident response consultant with a large technology company, focusing on incident detection, response, and threat intelligence integration.

See other products by Gerard Johansen