Preface

Web applications are where customers and businesses meet. On the internet, a very large proportion of the traffic is now between servers and clients, and the power and trust placed in each application while exposing them to the outside world makes them a popular target for adversaries to steal, eavesdrop, or cripple businesses and institutions. As penetration testers, we need to think like the attacker to better understand, test, and make recommendations for the improvement of those web apps. There are many tools to fit any budget, but Kali Linux is a fantastic and industry-leading open source distribution that can facilitate many of these functions for free. Tools Kali provides, along with standard browsers and appropriate plugins, enable us to tackle most web penetration testing scenarios. Several organizations provide wonderful training environments that can be paired with a Kali pen testing box to train and hone their web pen testing skills in safe environments. These can ensure low-risk experimentation with powerful tools and features in Kali Linux that go beyond a typical script-kiddie approach. This approach assists ethical hackers in responsibly exposing, identifying, and disclosing weaknesses and flaws in web applications at all stages of development. One can safely test using these powerful tools, understand how to better identify vulnerabilities, position and deploy exploits, compromise authentication and authorization, and test the resilience and exposure applications possess. At the end, the customers will be better served with actionable intelligence and guidance that will help them secure their application and better protect their users, information, and intellectual property.