Gain insights into web app vulnerabilities and attack methods, delve into penetration testing with Kali Linux, and explore tools for enhancing information security using Python, web tech, and network management.

webpen.tar.gz

shodan_api

Wireshark

chrome

Burp

frog

proxychains

encoder

setoolkitChrome

chromeShark

juiceshop

BurpChrome

This course is intended for people interested in information security—particularly in the penetration testing of various websites—to identify the security flaws present in the majority of newly developed websites and how to fix them. 

You will learn web penetration testing techniques using the Kali Linux operating system. You will be introduced to Python programming, web server technology, network management, open source intelligence, cross-site scripting, SQL injection, authentication and authorization in systems, cross-site request forgery, social engineering attacks, and concepts in information security management. 

Your knowledge of the various web application vulnerabilities and attack methods will be enhanced after taking this course. You will get hands-on experience with many tools used in online penetration testing in cyber security.

Web Application Penetration Testing

# That's all!

It's been a rather long journey together. We encountered great challenges (Chrome and Wireshark together!) and overcame them. After all, learning requires hard work, persistence, and practice. Our goal was to learn how to make web applications more secure, and the ways to do so often boggle the minds of many. Even established developers can sometimes struggle. 

Fortunately for security professionals,  this just means that pentesters are in high demand in the software industry. And this demand is going to keep on increasing as time goes by. Technology keeps on evolving, and bad actors continuously adapt to all these new advancements. So your journey as a pentester novice is not at an end—it has only just begun!

# Recap

In this course, we:

- Got acquainted with the basics of the Linux operating system
- Went through a crash course on Python and Bash basics
- Reviewed networking basics and how to analyze relevant data
- Learned how to find good resources and conduct research
- Practiced XSS, CSRF, and SQL injections
- Discovered how adversaries use social engineering to take down targets
- Learned about security in the grand scheme of things

# What's next?

Defining the next step of your pentesting career is entirely up to you, but we'd still like to offer up some advice:

- There are many Linux distros out there. Each has its own little peculiarities. This means that vulnerabilities may also vary. It's never a bad idea to look more deeply into these distros and Linux in general, even as a web application-only pentester.

- Further practice Python and Bash programming. Also, look into Ruby.

- Knowledge of advanced networking is the gateway to more complex attacks and their fixes.

-  Take part in Capture the Flag (CTF) and practice with more vulnerable web applications, like Acunetix's library and Damn Vulnerable Web Application (DVWA). There are lots more out there, but these are good places to start.

- We've tried XSS, CSRF, and SQL injections separately. Have you considered whether they could all be done at the same time in a single attack?

- Just pentesting web applications will only take us so far. Host-based pentesting should be the next step. Metasploitable2, a host that runs various vulnerable web applications, is a  nice starting point.


All that said, it never hurts do your research and decide your own path. Good luck!

Here are some concluding remarks on the course. 

Introduction to the Course

Introduction to Linux

Introduction to Python

Web and Server Technology

Network Management and Analysis

Open-Source Intelligence

Cross-Site Scripting

SQL Injection

Authentication and Authorization

Cross-Site Request Forgery

Social Engineering Attacks

Broader Security Concepts

Wrapping Up

Conclusion

That’s all!