To get the most out of this book you need to know the basics of ethical hacking and you will need to build a lab. You will need a virtual machine software (for example, VirtualBox or VMware) for the virtualization of the lab environment. To follow the examples, you will also need to install Kali Linux. Don't worry, I will discuss how to do it in Chapter 2, Kali Linux Installation. Kali Linux will be the attacker machine that we will use to test the security of the victim's machine. Speaking of the victim host, I encourage you to install a Windows 7 virtual machine where you will install a vulnerable web application called Mutillidae. Again, I will walk you through all the steps of building the vulnerable host in Chapter 1, Building a Vulnerable Web Application Lab. Finally, I will be using Burp Suite Professional Edition, but you can follow along with the free edition of this tool. That being said, all the tools that we are going to use for the security tests are already installed by default on Kali Linux.
To get the most out of this book
Download the example code files
You can download the example code files for this book from your account at www.packtpub.com. If you purchased this book elsewhere, you can visit www.packtpub.com/support and register to have the files emailed directly to you.
You can download the code files by following these steps:
- Log in or register at www.packtpub.com.
- Select the SUPPORT tab.
- Click on Code Downloads & Errata.
- Enter the name of the book in the Search box and follow the onscreen instructions.
Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:
- WinRAR/7-Zip for Windows
- Zipeg/iZip/UnRarX for Mac
- 7-Zip/PeaZip for Linux
The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Practical-Web-Penetration-Testing. In case there's an update to the code, it will be updated on the existing GitHub repository.
We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!
Download the color images
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://www.packtpub.com/sites/default/files/downloads/PracticalWebPenetrationTesting_ColorImages.pdf.
Conventions used
There are a number of text conventions used throughout this book.
CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "The -y in the upgrade command will accept the prompts automatically."
A block of code is set as follows:
class ServiceDTO:
# Class Constructor
def __init__(self, port, name, description):
self.description = description
self.port = port
self.name = name
Any command-line input or output is written as follows:
meterpreter > getsystem
Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Click on Continue, and your system will reboot."
