Summary

We have had a chance to really start building out our test environment and setting up tools such as Kioptrix, pfSense, Mutillidae, HAProxy, and more. Using these tools in our lab helps us to better understand the technology that we are testing. The best penetration testers have significant IT experience, so that they are able to leverage it both when testing and when explaining the concepts and mitigating controls to their clients.

You also learned how to use tools such as lbd to determine if a system is being load balanced, and wafw00f to look for web application firewalls. Practice makes perfect, and with that in mind, each and every step was defined in such a way that you could follow along and gain confidence with the technology, or just simply refresh your already significant skill set. After all, with so much to remember in the security field, it is easy to fall out of practice.

We walked through using the w3af graphical user interface and then followed up with the w3af console, which can be scripted if you want to be even more efficient. Using Kioptrix 1.2, we were able to walk through the different steps that might be taken if you were trying to penetrate a large web application for a client. We discussed that sometimes, automated tools are just not sufficient to find the exploits, and thus a browser and HTTP proxy such as WebScarab can make the difference between a good and a bad penetration test. We also introduced you to plugins that have been created by the community to help security professionals perform their job.

One last thing that you learned is that web application testing is a complex and difficult art to master. If you run into problems, never give up and just keep trying! This is what the challenges are for, and there are a number of references out there to improve your skill set; explore as many as you can.

The next chapter dives into exploitation and client-side attacks. You will learn about buffer overflows and even create your own vulnerable program. We also discuss different fuzzers, such as BED and sfuzz. We also touch upon antivirus avoidance and repackaging payloads. Best of all, we will discuss the Social Engineering Toolkit, which should be an invaluable addition to every pentester's toolbox.
