Kali Linux Web App Pentesting Labs
What you'll learn
- Build your own penetration testing lab environment
- Discover vulnerabilities in web applications automatically and manually
- Escalate privileges within Linux
- Local and remote buffer overflow
- SQL Injection
- Cross Site Scripting
- Exploitation of various web-based vulnerabilities
Requirements
- Basic networking experience
- Familiarity with Windows and Linux
- Kali Linux
- Beebox
- SQLi Labs
- OWASP Juice Shop
- WebGoat
- VirtualBox (preferred) or VMware
Description
Welcome to my Kali Linux Web App Pentesting Labs course! This course will be 100% hands-on, focusing specifically on exploitation of vulnerable web applications. We’ll be building a lab environment consisting of Kali Linux, and several intentionally vulnerable web applications including Beebox, SQL injection labs, OWASP Juice Shop, and WebGoat.
Throughout this course, we’ll be focusing on the most prevalent web application vulnerabilities and how to exploit them. As a framework for our learning approach, we’ll be using the most recent version of the OWASP Top 10 at the time of this recording, which is the OWASP 2017 Top 10. OWASP is an organization which focuses on improving the security of web applications, and its Top 10 is a fundamental and necessary component for aspiring pentesters to learn. We'll be covering items 1 through 9, because item 10 does not apply specifically to pentesting and is focused on the defensive side. We'll be covering each of these in great detail over this course.
The primary topics within this course are both manual and automated methods of detection and exploitation of web application vulnerabilities. You'll be getting hands-on exposure to industry standard tools such as Burpsuite, Nmap, Nikto, Sqlmap, and many more. From what I've seen over the years in cybersecurity academia, including certifications, hands-on skills are highly lacking, save for the offensive security certs. This is because the majority of courses I've seen only teach theory, and have students prove their competency through writing and answering multiple choice questions. This does not prepare one for the real world, especially for pentesting, where technical skills are paramount. This course aims to bridge that gap.
The beginning of this course will consist of downloading, installing, and configuring the components necessary for comprehensive hands-on web application penetration testing in a lab environment. Please get ready to hit the ground running and follow along with these labs, as we’ll be getting started right away in the subsequent lecture.
I really look forward to working with all of you. If you have any questions during any of the labs, please feel free to reach out to me directly with the messaging system or Q&A section.
Who this course is for:
- OSCP candidates
- CEH candidates
- Penetration testers
- Cybersecurity professionals
- Cybersecurity/IT students
- Pentest+ candidates
Instructor
Summary: Jesse K is a cybersecurity expert with a breadth and depth of knowledge, professional experience, and top of the line credentials directly related to his field of expertise. He has provided quality training for thousands of students online, has mentored them one-on-one, and has coached many to acquire jobs in the cyber field. Professional strengths include security analysis, intrusion detection, ethical hacking, penetration testing, training, and technical writing. Jesse has a true passion for cybersecurity and information technology, and an insatiable ambition to further his knowledge and professional skill set.
Specialties: Intrusion Detection / Network Security Monitoring (Security Onion, Snort, Bro, and Suricata); SIEM Technology (Elasticsearch, Logstash, Kibana (ELK), ArcSight, and Splunk); PCAP analysis (Tcpdump, Wireshark, NetworkMiner, NetWitness/Security Analytics); Penetration Testing (Kali Linux, BurpSuite, Nikto, Nmap, Metasploit, etc.)
Current Degrees/Certifications: M.S. in Information Technology with Information Assurance Specialization / B.S. in Computer Networks and Security / Network+, A+, Security+, Linux+, Certified Ethical Hacker v8 (CEH), Offensive Security Certified Professional (OSCP), Certified Information Systems Security Professional (CISSP), eLearnSecurity Web application Penetration Tester (eWPT)