Building Virtual Pentesting Labs for Advanced Penetration Testing by Kevin Cardwell

Identifying web application firewalls

We are more than likely going to encounter a web application firewall (WAF) when we are testing. These are designed to identify most of the attacks we have covered in this chapter (well, most of the URL-based attacks). We will once again turn to the Kali Linux distribution to identify a WAF. You will need your Kali Linux machine and the WAF machine we created in Chapter 6, Creating an External Attack Architecture.

Once the machines are up and running, the first thing we will do is confirm that the website is protected by a web application firewall. We have several methods to do this, each with varying success. The first method we will try is the Nmap tool.

In your Kali Linux machine, open a terminal window and ...
