This chapter concludes reviewing various methods available in Kali Linux 1.0 that could be used to perform Penetration Testing against web application servers. At this point, readers should know how to research a target, identify vulnerabilities in that target, as well as all associated interactions with host and clients, exploit vulnerabilities, and interrupt services if desired. This text is a brief overview of tools available in Kali Linux; however, there are many other tools beyond Kali Linux that should be included in your Penetration Testing arsenal. Kali Linux offers a lot of value with native toolsets; however, the best Penetration Testers leverage tools beyond Kali, such as Day Zero type attacks based on custom scripts and utilities. We recommend researching and testing multiple tools for attack methods covered in this text to grow your experience as a professional Penetration Tester.

This chapter focused on identifying and exploiting vulnerabilities remotely as related to Internet-based attacks. We covered browser exploitation attacks, proxy attacks, and password harvesting. We concluded with methods to interrupt services as a means of stress testing web applications as well as identifying how vulnerable targets are to DoS attacks.

The next chapter will change gears by looking at how to defend web applications using tools available in Kali Linux 1.0.