Kali Linux Web App Testing

Leverage the true power of Kali Linux with the help of its tools and take your app security to the next level
4.0 (41 ratings)
Instead of using a simple lifetime average, Udemy calculates a
course's star rating by considering a number of different factors
such as the number of ratings, the age of ratings, and the
likelihood of fraudulent ratings.
829 students enrolled
80% off
Take This Course
  • Lectures 29
  • Length 3 hours
  • Skill Level All Levels
  • Languages English
  • Includes Lifetime access
    30 day money back guarantee!
    Available on iOS and Android
    Certificate of Completion
Wishlisted Wishlist

How taking a course works


Find online courses made by experts from around the world.


Take your courses with you and learn anywhere, anytime.


Learn and practice real-world skills and achieve your goals.

About This Course

Published 6/2015 English

Course Description

With an ever-changing online environment, security is a constantly growing concern. It's hard for web developers to keep up with new and emerging techniques that attackers may use to hack into a site. In such a scenario, Kali Linux emerges as a powerful package to penetration test your website or application.

Kali Linux Web App Testing will help you prevent different cyber attacks from basic vulnerabilities to ones less spoken of. Firstly, you will be introduced to injection techniques such as SQL injection along with SQLMap. After that, you'll learn what XSS injection is and how to use XSSER against it. Then you'll walk through local and remote file inclusions and ways to counteract them. You'll also learn other cyber invasions such as Remote Command Execution and Cross Site Request Forgery. Furthermore, you'll see what Open Redirects and Open Proxies are and how to tackle them. Finally, you'll learn the concept of Clickjacking and how to avoid it. Towards the end of this course, you'll not only be familiar with various cyber attacks and vulnerabilities, but also know different approaches to deal with them.

The course follows a strict hands-on approach; combined with practical examples, it will help you to understand, how these attacks work and how to combat them effectively.

About the Author

Jack (linkcabin) is a UK-based independent security researcher, who has a huge passion for information security. He loves reverse engineering, finding vulnerabilities in web applications, and creating video content. He is in the Halls of Fame of Netflix, AT&T, and eBay. Jack also catalogues some of his more technical findings on a blog, and various information security professionals read about them. Much of his day is spent e-mailing companies about vulnerabilities that he comes across in their websites. He finds the offensive side of security an interesting area, and is passionate about researching and communicating with various people about the importance of security. He also aims to change the existing public opinion on hackers.

What are the requirements?

  • No matter whether you are familiar to Kali Linux or totally new to it, this course will guide you through all the essential tools to kick-start app testing.

What am I going to get from this course?

  • Understand what SQL injection is and coupled with SQLMap, how it can infiltrate your system
  • Protect your system against XSS vulnerabilities by using XSSER
  • Safeguard user credentials by figuring out how Bruteforcing works
  • Get to know Remote Command Execution and how it can affect your system
  • Analyze Cross-Site Request Forgery attacks to defend your system against them
  • Inspect open proxies and open redirects to shield your system from them
  • Understand Clickjacking and the best approach to elude it

Who is the target audience?

  • If you're a web developer who wants to make their app impenetrable, then this course is perfect for you.

What you get with this course?

Not for you? No problem.
30 day money back guarantee.

Forever yours.
Lifetime access.

Learn on the go.
Desktop, iOS and Android.

Get rewarded.
Certificate of completion.


Section 1: Understanding the Basics

Talk about different features that Kali Linux has to offer.


Create our work environment to work with Kali Linux.


Understand the basic concepts of Kali Linux.

Section 2: Security Vulnerabilities – A Website's Worst Case Scenario

Understand how to trigger SQL errors to show a possibility of a SQL Injection.


Learn about some of sqlmap's command-line arguments.


Explain the more obscure arguments.


Learn what the concept of XSS is.


Working with XSSER in GUI.


Filtering out injections correctly.

Section 3: Securing Your Files – No File Is Safe

Get familiarized with the concept of LFI and RFI, and know how dangerous they are.


Use Fimap to identify LFI and RFI vulnerabilities.


Understand directory traversal and fix RFI/LFI/Directory Traversal.

Section 4: Avoiding Forced Attacks

Understand the basics of brute-forcing.


Explore the fundamentals of Hashcat.


Discuss the concept of form brute-forcing.


Discover how powerful Hydra can be.

Section 5: New Tools in the Arsenal

Learn about the various parts of vulnerability scanners.


Study the main concept of open redirects and open proxies.


Know what remote command execution is.


Understand the term "Information Disclosure."


How tampering data can be useful in a manual scan of a site.

Section 6: Silent Manipulation with CSRF

Understand what CSRF is and what the consequences of having this vulnerability could be.


Learn to use testing tools for the proof of concept and examples of CSRF.


Learning common defenses against CSRF.

Section 7: Extra Measures for the Shop

Review the features of OWASP ZAP to analyze a site effectively.


Learn what two-factor authentication is and how it can be effective.


Understand how weak passwords can be mitigated and how to possibly defend against phishing.


Comprehend what clickjacking is and the defenses.


Wrap up the course.

Students Who Viewed This Course Also Viewed

  • Loading
  • Loading
  • Loading

Instructor Biography

Packt Publishing, Tech Knowledge in Motion

Packt has been committed to developer learning since 2004. A lot has changed in software since then - but Packt has remained responsive to these changes, continuing to look forward at the trends and tools defining the way we work and live. And how to put them to work.

With an extensive library of content - more than 4000 books and video courses -Packt's mission is to help developers stay relevant in a rapidly changing world. From new web frameworks and programming languages, to cutting edge data analytics, and DevOps, Packt takes software professionals in every field to what's important to them now.

From skills that will help you to develop and future proof your career to immediate solutions to every day tech challenges, Packt is a go-to resource to make you a better, smarter developer.

Packt Udemy courses continue this tradition, bringing you comprehensive yet concise video courses straight from the experts.

Ready to start learning?
Take This Course