Kali Linux is a leading Penetration Testing tool that can be used to identify where systems are vulnerable to attack.
Kali Linux is a leading Penetration Testing tool that can be used to identify where
systems are vulnerable to attack. Rather than attacking a target, we recommend
Penetration Testing your own network assets to identify vulnerabilities before a
malicious individual beats you to it. To quote Sun Tzu from The Art of War:
"If you know the enemy and know yourself, you need not fear the result of a
hundred battles. If you know yourself but not the enemy, for every victory gained
you will also suffer a defeat. If you know neither the enemy nor yourself, you will
succumb in every battle"
We believe the same foundational concepts are true; use Kali Linux to know yourself,
and know your weakness.
The advantage you have is you know it's happening, you and can use extreme
measures without the worry of triggering alarms. Typically, hackers will not risk
exposing themselves, reducing their options for attack. Stealth requires patience,
minimal touch to the target, and lots of planning. It is up to you to capitalize on your
ability to invest proper time and resources into security before somebody else invests
more into bypassing it. A common saying from the authors of this book is "99 percent
secure is a 100 percent insecure".
This chapter will provide different methods of using Kali Linux to audit your web
applications for common vulnerabilities, as well as other best practices for hardening
your network. We will cover security baselines, patch management, password
policies, and defending against attack methods, covered in previous chapters.
This chapter will also include a focused section on using Kali Linux in a forensic
investigation. Forensics is important after identifying that your web application or
other assets have been compromised, to avoid future negative impact.
Testing your defenses
As explained in the introduction, the best approach for hardening your defense is
attacking your existing security controls with the goal of identifying weakness.
Some key concepts to consider when developing a strategy for testing your cyber
security defenses are as follows:
• Black, white, or gray hat approach?
• Test a copy or the real system?
• Possible risks from Penetration Test?
• Who should be informed?
Kali Linux is a leading Penetration Testing tool that can be used to identify where
systems are vulnerable to attack. Rather than attacking a target, we recommend
Penetration Testing your own network assets to identify vulnerabilities before a
malicious individual beats you to it. To quote Sun Tzu from The Art of War:
"If you know the enemy and know yourself, you need not fear the result of a
hundred battles. If you know yourself but not the enemy, for every victory gained
you will also suffer a defeat. If you know neither the enemy nor yourself, you will
succumb in every battle"
We believe the same foundational concepts are true; use Kali Linux to know yourself,
and know your weakness.
The advantage you have is you know it's happening, you and can use extreme
measures without the worry of triggering alarms. Typically, hackers will not risk
exposing themselves, reducing their options for attack. Stealth requires patience,
minimal touch to the target, and lots of planning. It is up to you to capitalize on your
ability to invest proper time and resources into security before somebody else invests
more into bypassing it. A common saying from the authors of this book is "99 percent
secure is a 100 percent insecure".
This chapter will provide different methods of using Kali Linux to audit your web
applications for common vulnerabilities, as well as other best practices for hardening
your network. We will cover security baselines, patch management, password
policies, and defending against attack methods, covered in previous chapters.
This chapter will also include a focused section on using Kali Linux in a forensic
investigation. Forensics is important after identifying that your web application or
other assets have been compromised, to avoid future negative impact.
Testing your defenses
As explained in the introduction, the best approach for hardening your defense is
attacking your existing security controls with the goal of identifying weakness.
Some key concepts to consider when developing a strategy for testing your cyber
security defenses are as follows:
• Black, white, or gray hat approach?
• Test a copy or the real system?
• Possible risks from Penetration Test?
• Who should be informed?
Trimiteți un comentariu