Tuesday, June 27, 2017
9:00 AM – 5:00 PM 8 CPEs
Web Application Security Testing with Kali Linux
Mike Landeck, Director of Corporate Security/CISO
Brandon Archer, Information Security Architect, Adams County
Kali Linux is a powerful and popular tool for penetration testing and cybersecurity assessments. However, for a beginner it can be confusing and intimidating. This workshop is designed for the passionate beginner who wants a structured, plain-English environment to learn the basics of web application security testing using Kali. Attendees will leave with an understanding of the basics, as well as step-by-step documentation that lets them continue their learning back at their organizations and perform rudimentary assessments.
- Learn to navigate Kali Linux and run the applications necessary to do a web application security assessment
- Learn how to run an open source web vulnerability scanner
- Leave with a step-by-step test plan allowing them to conduct their own web application security assessments
- Receive templates and cheat sheets for documenting their findings
- Learn light web hacking skills to assist in their assessments
Part 1: Set-up
- Orientation to the tools and target site
Part 2: Recon and Intel
- Identifying sub-domains
- Checking for firewalls
- Fingerprinting the server and services
Part 3: Web Scanning
- Spider a web site
- Run an open source web vulnerability scanner
- Audit and interpret the results
Part 4: Manual Inspection
- Follow a comprehensive test plan to identify and document common web vulnerabilities
Part 5: Beginning Web Pen Testing
- Exploit the SQL injection found by the scanner to dump credit card numbers from a database
- Exploit the file upload vulnerability found by the scanner to run code on the server
- Exploit the Cross-Site Scripting vulnerability found by the scanner to redirect users
The class will follow a “See it, read it, do it” model: the instructor demonstrates each exercise live, and the students have a step-by-step guide to use as they complete the exercise. In addition to the instructor, an assistant instructor will be present to help those who are falling behind.
Students must bring their own laptop. Prior to the workshop each student will be required to download the necessary software and confirm it runs on their laptop. A list of software and system requirements will be provided in advance.
When students leave they will take the test site and documentation with them, allowing them to begin assessments at their organizations.