Top critical review
Lacks the specialization it advertises
on December 23, 2013
This book was a quick read for people familiar with penetration testing in general because there was very little specialization beyond the generalities of the discipline. My specialty is network penetration testing and I'm weaker on the Web app side of things. I was hoping for an in-depth study into what the title advertises, Web penetration with Kali. Instead, the book reads more like a very high-level survey of tools available to a Web penetration tester. More time was spent on how to install, configure, and run the tools than on how Web pentesters use them in attacks.
A large portion of the content was padded with screenshots and step-by-step instructions on how to get the tools up and running. Most of the first half of the book covers pretty standard fare on what penetration testers do regardless of their focus, like recon, social engineering, and cracking passwords. Nothing I'd call Web-specific attacks. And at the end, an unexpectedly out-of-place diversion to file system forensics eats up a chapter as well. Doesn't do anything to help you with Web-based attacks, and is far too brief and summarized to help you with forensics.
I learned far more about the guts of Web application penetration testing (what the attack vectors are, how they work, what they look like, and which tools to use) from the OWASP Testing Guide.