Welcome to my Kali Linux Web App Pentesting Labs course! This course will be 100% hands-on, focusing specifically on exploitation of vulnerable web applications. We’ll be building a lab environment consisting of Kali Linux, and several intentionally vulnerable web applications including Beebox, SQL injection labs, OWASP Juice Shop, and WebGoat.
Through the duration of this course, we’ll be focusing upon the most prevalent web application vulnerabilities and how to exploit them. As a framework for our learning approach, we’ll be using the most recent version of OWASP at the time of this recording, which is OWASP 2017 top 10. OWASP is an organization which focuses upon improving the security of web applications and is a fundamental and necessary component to learn for aspiring pentesters. We'll be covering OWASP 1-9, because 10 does not apply specifically to pentesting, and is focused on the defensive side. Additionally, we'll be covering each of these in great detail over this course.
The primary topics within this course are both manual and automated methods of detection and exploitation of web application web application vulnerabilities. You'll be getting hands-on exposure to industry standard tools such as Burpsuite, Nmap, Nikto, Sqlmap, and many more. From what I've seen over the years in cybersecurity academia, including certifications, hands-on skills are highly lacking, save for the offensive security certs. This is because the majority of courses I've seen only teach theory, and have students prove their competency through writing and answering multiple choice questions. This does not prepare one for the real world, especially for pentesting where technical skills are paramount. This course aims to bridge that gap.
The beginning of this course will consist of downloading, installing, and configuring the components necessary for comprehensive hands-on web application penetration testing in a lab environment. Please get ready to hit the ground running and follow along with these labs, as we’ll be getting started right away in the subsequent lecture.
I really look forward to working with all of you. If you have any questions during any of the labs, please feel free to reach out to me directly with the messaging system or Q&A section.
Jesse Kurrus is a cybersecurity professional with strong network
security analysis and intrusion detection experience. Jesse is skilled
in utilizing commercial and proprietary Security Information and Event
Management (SIEM) technology to create rules, filters, generate reports,
and analyze correlations and events. Other professional strengths
include cybersecurity, ethical hacking, penetration testing, training, and
technical writing. Jesse has a true passion for cybersecurity and
information technology, and an insatiable ambition to further his
knowledge and professional skill set.
Specialties: Intrusion Detection / Network Security Monitoring (Security Onion, Snort, Bro, and Suricata); SIEM Technology (Elasticsearch, Logstash, Kibana (ELK), ArcSight, and Splunk); PCAP analysis (Tcpdump, Wireshark, NetworkMiner, NetWitness/Security Analytics); Penetration Testing (Kali Linux, BurpSuite, Nikto, Nmap, Metasploit, etc.)
Current Degrees/Certifications: M.S. in Information Technology with Information Assurance Specialization / B.S. in Computer Networks and Security / Network+, A+, Security+, Linux+, Certified Ethical Hacker v8 (CEH), Offensive Security Certified Professional (OSCP), Certified Information Systems Security Professional (CISSP)