Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Web Penetration Testing with Kali Linux

You're reading from   Web Penetration Testing with Kali Linux Testing web security is best done through simulating an attack. Kali Linux lets you do this to professional standards and this is the book you need to be fully up-to-speed with this powerful open-source toolkit.

Arrow left icon
Product type Paperback
Published in Sep 2013
Publisher Packt
ISBN-13 9781782163169
Length 342 pages
Edition 1st Edition
Arrow right icon
Toc

Table of Contents (15) Chapters Close

Web Penetration Testing with Kali Linux
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
1. Penetration Testing and Setup FREE CHAPTER 2. Reconnaissance 3. Server-side Attacks 4. Client-side Attacks 5. Attacking Authentication 6. Web Attacks 7. Defensive Countermeasures 8. Penetration Test Executive Report Index

Chapter 1. Penetration Testing and Setup

Many organizations offer security services and use terms such as security audit, network or risk assessment, and Penetration Test with overlapping meanings. By definition, an audit is a measurable technical assessment of a system(s) or application(s). Security assessments are evaluations of risk, meaning services used to identify vulnerabilities in systems, applications, and processes.

Penetration Testing goes beyond an assessment by evaluating identified vulnerabilities to verify if the vulnerability is real or a false positive. For example, an audit or an assessment may utilize scanning tools that provide a few hundred possible vulnerabilities on multiple systems. A Penetration Test would attempt to attack those vulnerabilities in the same manner as a malicious hacker to verify which vulnerabilities are genuine reducing the real list of system vulnerabilities to a handful of security weaknesses. The most effective Penetration Tests are the ones that target a very specific system with a very specific goal. Quality over quantity is the true test of a successful Penetration Test. Enumerating a single system during a targeted attack reveals more about system security and response time to handle incidents than wide spectrum attack. By carefully choosing valuable targets, a Penetration Tester can determine the entire security infrastructure and associated risk for a valuable asset.

Note

Penetration Testing does not make networks more secure!

This is a common misinterpretation and should be clearly explained to all potential customers. Penetration Testing evaluates the effectiveness of existing security. If a customer does not have strong security then they will receive little value from Penetration Testing services. As a consultant, it is recommended that Penetration Testing services are offered as a means to verify security for existing systems once a customer believes they have exhausted all efforts to secure those systems and are ready to evaluate if there are any existing gaps in securing those systems.

Positioning a proper scope of work is critical when selling Penetration Testing services. The scope of work defines what systems and applications are being targeted as well as what toolsets may be used to compromise vulnerabilities that are found. Best practice is working with your customer during a design session to develop an acceptable scope of work that doesn't impact the value of the results.

Web Penetration Testing with Kali Linux—the next generation of BackTrack—is a hands-on guide that will provide you step-by-step methods for finding vulnerabilities and exploiting web applications. This book will cover researching targets, identifying and exploiting vulnerabilities in web applications as well as clients using web application services, defending web applications against common attacks, and building Penetration Testing deliverables for professional services practice. We believe this book is great for anyone who is interested in learning how to become a Penetration Tester, users who are new to Kali Linux and want to learn the features and differences in Kali versus BackTrack, and seasoned Penetration Testers who may need a refresher or reference on new tools and techniques.

This chapter will break down the fundamental concepts behind various security services as well as guidelines for building a professional Penetration Testing practice. Concepts include differentiating a Penetration Test from other services, methodology overview, and targeting web applications. This chapter also provides a brief overview of setting up a Kali Linux testing or real environment.

You have been reading a chapter from
Web Penetration Testing with Kali Linux
Published in: Sep 2013
Publisher: Packt
ISBN-13: 9781782163169
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime