Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletter Hub
Free Learning
Arrow right icon
timer SALE ENDS IN
0 Days
:
00 Hours
:
00 Minutes
:
00 Seconds
Practical Web Penetration Testing
Practical Web Penetration Testing

Practical Web Penetration Testing: Secure web applications using Burp Suite, Nmap, Metasploit, and more

eBook
€17.99 €26.99
Paperback
€32.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Table of content icon View table of contents Preview book icon Preview Book

Practical Web Penetration Testing

Kali Linux Installation

So, you are new to the Kali Linux world, right? (If you have ever installed Kali Linux before, you can skip this chapter.) Welcome to the toy of hackers: Kali Linux. Are you excited? You haven't seen anything yet! This amazing operating system will take you to a higher level of security achievements.

By the end of this chapter, you will know how to install Kali Linux; in the next chapter, you will delve deeply into using the operating system.

We have already created the victim machine (Mutillidae host), so now it's time to create the attacking machine. In this chapter, we will cover:

  • An introduction to Kali Linux
  • How to install Kali Linux from scratch
  • How to install Kali on VMware
  • How to install Kali on VirtualBox

Introducing Kali Linux

What exactly is Kali Linux?

Kali Linux (previously called BackTrack) is a free, open source, Debian-based Linux distribution. This operating system has hundreds of applications installed, which can help us to conduct a successful penetration test.

And, guess what? Kali Linux is used by bad hackers (also known as black hat hackers), too. This means that we (security professionals) will have more accurate results, because we are using the same tools that the bad guys use to compromise systems.

You can install this beast on any virtualization host (VMware, VirtualBox, or HyperV). Also, you can install it on an ARM processor-based computer, like the Raspberry Pi.

Finally, you need to know that Kali Linux is developed, funded, and maintained by Offensive Security, and you can visit their site at https://www.Kali.org.

...

Installing Kali Linux from scratch

Let's suppose that you have a laptop or a dedicated host, and you want to install Kali Linux. Follow the steps in this section, and you can install this monster on your machine. Also, you can install a fresh copy on a virtual machine (if you want to learn the details of the installation process yourself), but Kali Linux offers pre-built VMs, which we will learn about later in this chapter:

  1. First, you need to download Kali. Simply browse to https://www.kali.org/downloads, and you will land on the download page for this operating system (OS).
  2. I will choose the 2018.1 64 bit version, and will click on the HTTP link to download it directly to my machine. After the download has completed, you will need to copy the ISO file to a bootable USB drive. You're probably asking yourself this question: how do I make my USB bootable? There is a Windows...

Installing Kali on VMware

If you have VMware and you want to install Kali Linux on it, then this section is for you. In the previous section, you saw how to install Kali from scratch, but you don't need to do that if you have VMware. All you need to do is download the image file and import it into VMware, and you're good to go:

  1. To download the VMware image file, go to https://www.kali.org/downloads and scroll down a little bit, until you see the following section:
  1. Follow the link to the Offensive Security Download Page. On this page, you will see a table that contains the virtual image copies of VMware:
  1. Choose either the 32- or 64-bit version, and download it locally to your machine. Then, you will need to import it into VMware, so locate the File menu (click on it) and then click on Open:
  1. A dialog window will show up, and you should select your downloaded...

Installing Kali on VirtualBox

VirtualBox is a very popular virtualization product, because it's free and it offers professional features. You will probably use VirtualBox for your virtualization environment. My base machine is either Windows or macOS, and I have VirtualBox installed on top of it, so I can use Kali Linux for my penetration testing tasks.

Kali offers us pre-built images for VirtualBox, so all we need to do is import them and start using Kali right away. Amazing, right? See the following steps:

  1. To download the VirtualBox image file, go to https://www.kali.org/downloads and scroll down a little bit, until you see the following section:
  1. Follow the link to the Offensive Security Download page. On that page, you will see a table that contains the virtual image copies for VirtualBox:
  1. Choose either the 32- or the 64-bit version, and download it locally to your...

Bridged versus NAT versus Internal Network

People are totally confused regarding how the network configurations in VirtualBox and VMware work. The three most popular configurations are Bridged, NAT, and Internal Network.

Let's start with the easiest option, which is the Bridged network. This architecture will let your Kali Linux connect directly to your network (LAN), and will get an automatic IP address from your home router. So, if your network is 192.168.0.0, then your Kali IP address will be something like 192.168.0.x (for example, 192.168.0.101). Now, you can interact with the machines on your network by using Kali Linux:

Some people are afraid of connecting Kali to the network, because it's open to personal computers. If you're anxious about it, you can choose NAT or NAT Network (on VirtualBox). If you're using VirtualBox, then use an NAT Network instead...

Updating Kali Linux

Before you start using your Kali Linux machine, you need to make sure that you're up to date. The command to update Kali Linux is straightforward, and you will get used to it, since you will have to execute it at least once a week, or before installing any new application:

apt-get update
apt-get upgrade -y
reboot

The -y in the upgrade command will accept the prompts automatically. You will not need to press the letter Y every time the upgrade asks you a question.

You are probably curious to know where the configuration file for the update repositories is located in Kali. The path to the configuration file is /etc/apt/sources.list (the # at the beginning of a line means it's commented):

Summary

At this stage, you're ready to start using Kali Linux. In the next chapter, you will take your skills to the next level by starting to master the use of this operating system.

I like to keep the summary short and not bore you with useless details. I hope that you enjoyed this chapter, and that you learned how to download and install Kali Linux from scratch. I'm assuming that you learned how to install Kali on VMware, or VirtualBox; don't forget to install the additional tools for both.

As a final note, don't forget to update your Kali Linux host before moving onto the next chapter.

Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • •Build an end-to-end threat model landscape for web application security
  • •Learn both web application vulnerabilities and web intrusion testing
  • •Associate network vulnerabilities with a web application infrastructure

Description

Companies all over the world want to hire professionals dedicated to application security. Practical Web Penetration Testing focuses on this very trend, teaching you how to conduct application security testing using real-life scenarios. To start with, you’ll set up an environment to perform web application penetration testing. You will then explore different penetration testing concepts such as threat modeling, intrusion test, infrastructure security threat, and more, in combination with advanced concepts such as Python scripting for automation. Once you are done learning the basics, you will discover end-to-end implementation of tools such as Metasploit, Burp Suite, and Kali Linux. Many companies deliver projects into production by using either Agile or Waterfall methodology. This book shows you how to assist any company with their SDLC approach and helps you on your journey to becoming an application security specialist. By the end of this book, you will have hands-on knowledge of using different tools for penetration testing.

Who is this book for?

Practical Web Penetration Testing is for you if you are a security professional, penetration tester, or stakeholder who wants to execute penetration testing using the latest and most popular tools. Basic knowledge of ethical hacking would be an added advantage.

What you will learn

  • •Learn how to use Burp Suite effectively
  • •Use Nmap, Metasploit, and more tools for network infrastructure tests
  • •Practice using all web application hacking tools for intrusion tests using Kali Linux
  • •Learn how to analyze a web application using application threat modeling
  • •Know how to conduct web intrusion tests
  • •Understand how to execute network infrastructure tests
  • •Master automation of penetration testing functions for maximum efficiency using Python

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Jun 22, 2018
Length: 294 pages
Edition : 1st
Language : English
ISBN-13 : 9781788628723
Vendor :
Offensive Security
Category :
Concepts :
Tools :

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Product Details

Publication date : Jun 22, 2018
Length: 294 pages
Edition : 1st
Language : English
ISBN-13 : 9781788628723
Vendor :
Offensive Security
Category :
Concepts :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 111.97
Practical Web Penetration Testing
€32.99
Advanced Infrastructure Penetration Testing
€36.99
Web Penetration Testing with Kali Linux
€41.99
Total 111.97 Stars icon

Table of Contents

17 Chapters
Building a Vulnerable Web Application Lab Chevron down icon Chevron up icon
Kali Linux Installation Chevron down icon Chevron up icon
Delving Deep into the Usage of Kali Linux Chevron down icon Chevron up icon
All About Using Burp Suite Chevron down icon Chevron up icon
Understanding Web Application Vulnerabilities Chevron down icon Chevron up icon
Application Security Pre-Engagement Chevron down icon Chevron up icon
Application Threat Modeling Chevron down icon Chevron up icon
Source Code Review Chevron down icon Chevron up icon
Network Penetration Testing Chevron down icon Chevron up icon
Web Intrusion Tests Chevron down icon Chevron up icon
Pentest Automation Using Python Chevron down icon Chevron up icon
Nmap Cheat Sheet Chevron down icon Chevron up icon
Metasploit Cheat Sheet Chevron down icon Chevron up icon
Netcat Cheat Sheet Chevron down icon Chevron up icon
Networking Reference Section Chevron down icon Chevron up icon
Python Quick Reference Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.2
(5 Ratings)
5 star 80%
4 star 0%
3 star 0%
2 star 0%
1 star 20%
Sebastien Oct 24, 2019
Full star icon Full star icon Full star icon Full star icon Full star icon 5
It is a great book for learning and improving in Web application Pentesting!Great reference for the Web Application challenges on the Internet. I also use it as a reference for the University web application security class.Highly recommended!
Amazon Verified review Amazon
Kartik Sep 30, 2018
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Coool books for newbies who are new to this area
Amazon Verified review Amazon
Ernesto Guevara Gonzaga Jul 08, 2019
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Es un buen libro para comenzar
Amazon Verified review Amazon
Hudney Piquant Aug 01, 2018
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This book is truly practical. Gus is a great teacher and is very detailed as well. One of my favorite chapter is his break down of how to use Burp Suite. With this book I was able to implement many things for my current project at work. Thanks again Gus.
Amazon Verified review Amazon
D. Garland Mar 05, 2020
Full star icon Empty star icon Empty star icon Empty star icon Empty star icon 1
For those who want a TL:DR - waste of money, filled with information that can be found freely on the internet, provides tutorials on licensed ($400 USD) Burp Suite (not the free version), the last 15% of the book is nothing but cheat sheets for common pen-testing tools (again, free on the internet).Most of the work is a compilation of information that can be freely found using any search engine. I bought this primarily as a beginners introduction to pen-testing websites using Burp Suite. Obviously, the author has a licensed version of Burp Suite and if you want to follow along with the book you'll need to shell out $400 for a Burp Suite license. Otherwise, you aren't going to get much out of that section.There a few examples of how to exploit the OWASP Mutillidae website that the book has you setup. Again, information you can get for free on the internet and even directly from the Mutillidae website itself.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.