Network Penetration Testing

Be prepared—this is going to be a massive chapter! In fact, this is a book's worth of information in one chapter. Why? Because I want it to be a reference for you to use in your future career. Network vulnerability assessment and penetration testing will be one of your major tasks when working in web application security. Say that you deploy a web application on a vulnerable operating system that is accessible from the internet—this would be a Christmas gift for a hacker who wants to get a remote shell into your company's server.

Most of the internet security books on the market talk about this subject (penetration testing with Kali Linux), so I asked myself, Before writing this chapter, how can I use it myself for my own daily security tests?. I want it to be useful for you as much as possible so you can use it in practice for your daily job and for your penetration testing certifications as well.

You can use both this and the following chapter as a cheat sheet to practice your penetration testing skills. You can use the Capture the Flag (CTF) methodology by downloading vulnerable virtual machines and trying to exploit them to enhance your hacking skills. A good source to download these VMs from is: http://www.vulnhub.com.

This book is for intermediate to advanced professionals who are seeking to enhance and deepen their knowledge. If you feel that the information in this chapter is overwhelming and not clear, then I invite you to watch a few online courses for beginners in penetration testing .

Let's go straight ahead and start this chapter, which will cover the following topics:

  • Passive information gathering
  • Services enumeration
  • Network vulnerability assessment
  • Vulnerability exploitation
  • Privilege escalation
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset