Juned Ahmed Ansari - Web Penetration Testing with Kali Linux

Juned Ahmed Ansari (@junedlive) is a cyber security researcher based out of Mumbai. He currently leads the penetration testing and offensive security team of a large MNC. Juned has worked as a consultant for large private sector enterprises, guiding them on their cyber security program. He has also worked with start-ups, helping them make their final product secure.

Juned has conducted several training sessions on advanced penetration testing, focused on teaching students stealth, and evasion techniques in highly secure environments. His primary focus areas are penetration testing, threat intelligence, and application security research. He holds leading security certifications such as GXPN, CISSP, CCSK, and CISA. Juned enjoys contributing to public groups and forums and occasionally blogs at http://securebits.in.

I would like to dedicate this book to my parents, Abdul Rashid and Sherbano, and sisters, Tasneem and Lubna. Thank you all for your encouragement on every small step that I took forward. Thank you mom and dad for all the sacrifices and always believing in me. I would also additionally like to thank my seniors for their mentorship and friends and colleagues for supporting me over the years.

Olivier Le Moal is a young System Security Engineer, working in the French online poker industry. He is an open source enthusiast and holds OSCP certification. He also runs a French security blog (blog.olivierlemoal.fr).

Gilberto Najera-Gutierrez leads the Security Testing Team (STT) at Sm4rt Security Services, one of the top security firms in Mexico. He also is an Offensive Security Certified Professional (OSCP), an EC-Council Certified Security Administrator (ECSA) and holds a Master's degree in Computer Science with specialization in Artificial Intelligence.Working as a Penetration Tester since 2013 and being a security enthusiast since high school, he has successfully conducted penetration tests to networks and applications of some the biggest corporations in Mexico, government agencies, and financial institutions.

Janusz Oppermann is an enthusiastic and passionate security specialist and ethical hacker. He is currently working at Deloitte The Netherlands as an ethical hacker/security professional. He is experienced with security testing of (wifi-) network infrastructures, web applications, and mobile applications. Because of his broad experience with network infrastructures and security solutions in different types of organizations, he is able to find security issues, estimate risks, and give consultations on the subject. He holds several security-related certifications such as CISSP, OSCP, CCNP Security, and CEH.

www.PacktPub.com

Support files, eBooks, discount offers, and more

For support files and downloads related to your book, please visit www.PacktPub.com.

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at > for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

https://www2.packtpub.com/books/subscription/packtlib

Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books.

Why subscribe?

• Fully searchable across every book published by Packt
• Copy and paste, print, and bookmark content
• On demand and accessible via a web browser

Free access for Packt account holders

If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view 9 entirely free books. Simply use your login credentials for immediate access.

Preface

Kali Linux is a Linux distribution widely used by security professionals. It comes bundled with many tools to effectively perform a security assessment. It has tools categorized based on the different phases of a penetration test such as information gathering, vulnerability analysis, and exploitation phase to name a few. The latest version, Kali 2.0, was released at Black Hat USA 2015. Besides tools used in a network penetration test, Kali Linux also includes tools to perform web application security and database assessment.

Web applications have become an integral part of any network and they need special attention when performing a security assessment. Web penetration testing with Kali Linux is designed to be a guide for network penetration testers who want to explore web application hacking. Our goal in this book is to gain an understanding about the different security flaws that exist in web application and then use selected tools from Kali Linux to identify the vulnerabilities and exploit them.

The chapters in this book are divided based on the steps that are performed during a real-world penetration test. The book starts with describing the different building blocks of a penetration test and then moves on to setting up the lab with Kali 2.0. In subsequent chapters, we follow the steps of a professional penetration tester and identify security flaws using the tools in Kali 2.0.