Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Practical Web Penetration Testing
Practical Web Penetration Testing

Practical Web Penetration Testing: Secure web applications using Burp Suite, Nmap, Metasploit, and more

eBook
€17.99 €26.99
Paperback
€32.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Table of content icon View table of contents Preview book icon Preview Book

Practical Web Penetration Testing

Kali Linux Installation

So, you are new to the Kali Linux world, right? (If you have ever installed Kali Linux before, you can skip this chapter.) Welcome to the toy of hackers: Kali Linux. Are you excited? You haven't seen anything yet! This amazing operating system will take you to a higher level of security achievements.

By the end of this chapter, you will know how to install Kali Linux; in the next chapter, you will delve deeply into using the operating system.

We have already created the victim machine (Mutillidae host), so now it's time to create the attacking machine. In this chapter, we will cover:

  • An introduction to Kali Linux
  • How to install Kali Linux from scratch
  • How to install Kali on VMware
  • How to install Kali on VirtualBox

Introducing Kali Linux

What exactly is Kali Linux?

Kali Linux (previously called BackTrack) is a free, open source, Debian-based Linux distribution. This operating system has hundreds of applications installed, which can help us to conduct a successful penetration test.

And, guess what? Kali Linux is used by bad hackers (also known as black hat hackers), too. This means that we (security professionals) will have more accurate results, because we are using the same tools that the bad guys use to compromise systems.

You can install this beast on any virtualization host (VMware, VirtualBox, or HyperV). Also, you can install it on an ARM processor-based computer, like the Raspberry Pi.

Finally, you need to know that Kali Linux is developed, funded, and maintained by Offensive Security, and you can visit their site at https://www.Kali.org.

...

Installing Kali Linux from scratch

Let's suppose that you have a laptop or a dedicated host, and you want to install Kali Linux. Follow the steps in this section, and you can install this monster on your machine. Also, you can install a fresh copy on a virtual machine (if you want to learn the details of the installation process yourself), but Kali Linux offers pre-built VMs, which we will learn about later in this chapter:

  1. First, you need to download Kali. Simply browse to https://www.kali.org/downloads, and you will land on the download page for this operating system (OS).
  2. I will choose the 2018.1 64 bit version, and will click on the HTTP link to download it directly to my machine. After the download has completed, you will need to copy the ISO file to a bootable USB drive. You're probably asking yourself this question: how do I make my USB bootable? There is a Windows...

Installing Kali on VMware

If you have VMware and you want to install Kali Linux on it, then this section is for you. In the previous section, you saw how to install Kali from scratch, but you don't need to do that if you have VMware. All you need to do is download the image file and import it into VMware, and you're good to go:

  1. To download the VMware image file, go to https://www.kali.org/downloads and scroll down a little bit, until you see the following section:
  1. Follow the link to the Offensive Security Download Page. On this page, you will see a table that contains the virtual image copies of VMware:
  1. Choose either the 32- or 64-bit version, and download it locally to your machine. Then, you will need to import it into VMware, so locate the File menu (click on it) and then click on Open:
  1. A dialog window will show up, and you should select your downloaded...

Installing Kali on VirtualBox

VirtualBox is a very popular virtualization product, because it's free and it offers professional features. You will probably use VirtualBox for your virtualization environment. My base machine is either Windows or macOS, and I have VirtualBox installed on top of it, so I can use Kali Linux for my penetration testing tasks.

Kali offers us pre-built images for VirtualBox, so all we need to do is import them and start using Kali right away. Amazing, right? See the following steps:

  1. To download the VirtualBox image file, go to https://www.kali.org/downloads and scroll down a little bit, until you see the following section:
  1. Follow the link to the Offensive Security Download page. On that page, you will see a table that contains the virtual image copies for VirtualBox:
  1. Choose either the 32- or the 64-bit version, and download it locally to your...

Bridged versus NAT versus Internal Network

People are totally confused regarding how the network configurations in VirtualBox and VMware work. The three most popular configurations are Bridged, NAT, and Internal Network.

Let's start with the easiest option, which is the Bridged network. This architecture will let your Kali Linux connect directly to your network (LAN), and will get an automatic IP address from your home router. So, if your network is 192.168.0.0, then your Kali IP address will be something like 192.168.0.x (for example, 192.168.0.101). Now, you can interact with the machines on your network by using Kali Linux:

Some people are afraid of connecting Kali to the network, because it's open to personal computers. If you're anxious about it, you can choose NAT or NAT Network (on VirtualBox). If you're using VirtualBox, then use an NAT Network instead...

Updating Kali Linux

Before you start using your Kali Linux machine, you need to make sure that you're up to date. The command to update Kali Linux is straightforward, and you will get used to it, since you will have to execute it at least once a week, or before installing any new application:

apt-get update
apt-get upgrade -y
reboot

The -y in the upgrade command will accept the prompts automatically. You will not need to press the letter Y every time the upgrade asks you a question.

You are probably curious to know where the configuration file for the update repositories is located in Kali. The path to the configuration file is /etc/apt/sources.list (the # at the beginning of a line means it's commented):

Summary

At this stage, you're ready to start using Kali Linux. In the next chapter, you will take your skills to the next level by starting to master the use of this operating system.

I like to keep the summary short and not bore you with useless details. I hope that you enjoyed this chapter, and that you learned how to download and install Kali Linux from scratch. I'm assuming that you learned how to install Kali on VMware, or VirtualBox; don't forget to install the additional tools for both.

As a final note, don't forget to update your Kali Linux host before moving onto the next chapter.

Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • •Build an end-to-end threat model landscape for web application security
  • •Learn both web application vulnerabilities and web intrusion testing
  • •Associate network vulnerabilities with a web application infrastructure

Description

Companies all over the world want to hire professionals dedicated to application security. Practical Web Penetration Testing focuses on this very trend, teaching you how to conduct application security testing using real-life scenarios. To start with, you’ll set up an environment to perform web application penetration testing. You will then explore different penetration testing concepts such as threat modeling, intrusion test, infrastructure security threat, and more, in combination with advanced concepts such as Python scripting for automation. Once you are done learning the basics, you will discover end-to-end implementation of tools such as Metasploit, Burp Suite, and Kali Linux. Many companies deliver projects into production by using either Agile or Waterfall methodology. This book shows you how to assist any company with their SDLC approach and helps you on your journey to becoming an application security specialist. By the end of this book, you will have hands-on knowledge of using different tools for penetration testing.

Who is this book for?

Practical Web Penetration Testing is for you if you are a security professional, penetration tester, or stakeholder who wants to execute penetration testing using the latest and most popular tools. Basic knowledge of ethical hacking would be an added advantage.

What you will learn

  • •Learn how to use Burp Suite effectively
  • •Use Nmap, Metasploit, and more tools for network infrastructure tests
  • •Practice using all web application hacking tools for intrusion tests using Kali Linux
  • •Learn how to analyze a web application using application threat modeling
  • •Know how to conduct web intrusion tests
  • •Understand how to execute network infrastructure tests
  • •Master automation of penetration testing functions for maximum efficiency using Python
Estimated delivery fee Deliver to Norway

Standard delivery 10 - 13 business days

€11.95

Premium delivery 3 - 6 business days

€16.95
(Includes tracking information)

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Jun 22, 2018
Length: 294 pages
Edition : 1st
Language : English
ISBN-13 : 9781788624039
Vendor :
Offensive Security
Category :
Languages :
Concepts :
Tools :

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Estimated delivery fee Deliver to Norway

Standard delivery 10 - 13 business days

€11.95

Premium delivery 3 - 6 business days

€16.95
(Includes tracking information)

Product Details

Publication date : Jun 22, 2018
Length: 294 pages
Edition : 1st
Language : English
ISBN-13 : 9781788624039
Vendor :
Offensive Security
Category :
Languages :
Concepts :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 111.97
Web Penetration Testing with Kali Linux
€41.99
Advanced Infrastructure Penetration Testing
€36.99
Practical Web Penetration Testing
€32.99
Total 111.97 Stars icon

Table of Contents

17 Chapters
Building a Vulnerable Web Application Lab Chevron down icon Chevron up icon
Kali Linux Installation Chevron down icon Chevron up icon
Delving Deep into the Usage of Kali Linux Chevron down icon Chevron up icon
All About Using Burp Suite Chevron down icon Chevron up icon
Understanding Web Application Vulnerabilities Chevron down icon Chevron up icon
Application Security Pre-Engagement Chevron down icon Chevron up icon
Application Threat Modeling Chevron down icon Chevron up icon
Source Code Review Chevron down icon Chevron up icon
Network Penetration Testing Chevron down icon Chevron up icon
Web Intrusion Tests Chevron down icon Chevron up icon
Pentest Automation Using Python Chevron down icon Chevron up icon
Nmap Cheat Sheet Chevron down icon Chevron up icon
Metasploit Cheat Sheet Chevron down icon Chevron up icon
Netcat Cheat Sheet Chevron down icon Chevron up icon
Networking Reference Section Chevron down icon Chevron up icon
Python Quick Reference Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.2
(5 Ratings)
5 star 80%
4 star 0%
3 star 0%
2 star 0%
1 star 20%
Sebastien Oct 24, 2019
Full star icon Full star icon Full star icon Full star icon Full star icon 5
It is a great book for learning and improving in Web application Pentesting!Great reference for the Web Application challenges on the Internet. I also use it as a reference for the University web application security class.Highly recommended!
Amazon Verified review Amazon
Kartik Sep 30, 2018
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Coool books for newbies who are new to this area
Amazon Verified review Amazon
Ernesto Guevara Gonzaga Jul 08, 2019
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Es un buen libro para comenzar
Amazon Verified review Amazon
Hudney Piquant Aug 01, 2018
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This book is truly practical. Gus is a great teacher and is very detailed as well. One of my favorite chapter is his break down of how to use Burp Suite. With this book I was able to implement many things for my current project at work. Thanks again Gus.
Amazon Verified review Amazon
D. Garland Mar 05, 2020
Full star icon Empty star icon Empty star icon Empty star icon Empty star icon 1
For those who want a TL:DR - waste of money, filled with information that can be found freely on the internet, provides tutorials on licensed ($400 USD) Burp Suite (not the free version), the last 15% of the book is nothing but cheat sheets for common pen-testing tools (again, free on the internet).Most of the work is a compilation of information that can be freely found using any search engine. I bought this primarily as a beginners introduction to pen-testing websites using Burp Suite. Obviously, the author has a licensed version of Burp Suite and if you want to follow along with the book you'll need to shell out $400 for a Burp Suite license. Otherwise, you aren't going to get much out of that section.There a few examples of how to exploit the OWASP Mutillidae website that the book has you setup. Again, information you can get for free on the internet and even directly from the Mutillidae website itself.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is the delivery time and cost of print book? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
What is custom duty/charge? Chevron down icon Chevron up icon

Customs duty are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order? Chevron down icon Chevron up icon

The orders shipped to the countries that are listed under EU27 will not bear custom charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea:

A custom duty or localized taxes may be applicable on the shipment and would be charged by the recipient country outside of the EU27 which should be paid by the customer and these duties are not included in the shipping charges been charged on the order.

How do I know my custom duty charges? Chevron down icon Chevron up icon

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.
How can I cancel my order? Chevron down icon Chevron up icon

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact customercare@packt.com with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at customercare@packt.com using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or material defect in book), Packt Publishing will not accept returns.

What is your returns and refunds policy? Chevron down icon Chevron up icon

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on customercare@packt.com with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on customercare@packt.com within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on customercare@packt.com who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items.(damaged, defective or incorrect)
  4. Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged, with book material defect, contact our Customer Relation Team on customercare@packt.com within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner which is on a print-on-demand basis.

What tax is charged? Chevron down icon Chevron up icon

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use? Chevron down icon Chevron up icon

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal
What is the delivery time and cost of print books? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela