Practical Web Penetration Testing (Part 1: Mutillidae, 大黄蜂)
1、Let's first take a look at this book. I decided to write a brief review of it.
The book's contents are as follows (copied directly from the book's preface):
Chapter 1, Building a Vulnerable Web Application Lab, will help us to get and install the vulnerable application Mutillidae using Windows and Linux. Also, we will have a quick tour of how to use this vulnerable web application.
Chapter 2, Kali Linux Installation, will explain how to download, install, and configure Kali Linux.
Chapter 3, Delving Deep into the Usage of Kali Linux, will teach more about how to deal with Kali Linux from the Terminal window, and will help you to become a ninja in bash scripting as well.
Chapter 4, All About Using Burp Suite, covers what you need to know about Metasploit to fulfil the role of a web application security expert.
Chapter 5, Understanding Web Application Vulnerabilities, explains the attacks that can happen on a web application, and after finishing the chapter, you will be able to use these skills to manipulate your findings during pentests.
Chapter 6, Application Security Pre-Engagement, will explain how to sign all the necessary contracts before starting the tests. Also, you will learn how to estimate, scope, and schedule your tests before they start.
Chapter 7, Application Threat Modeling, will explain that ATM is a security architecture document that allows you to identify future threats and to pinpoint the different pentest activities that need to be executed in the future deployment of the web application project.
Chapter 8, Source Code Review, covers how to deal with the source code review process. The source code is the heart or engine of a web application, and it must be properly constructed from a security perspective.
Chapter 9, Network Penetration Testing, explains how to use Metasploit, Nmap, and OpenVAS together to conduct a network infrastructure vulnerability assessment.
Chapter 10, Web Intrusion Tests, will show how to look for web application based vulnerabilities (SQLi, XSS, and CSRF) using Burp. Also, the readers will learn how to take advantage of them, get a remote shell, and probably elevate their privileges on the victim web server.
Chapter 11, Pentest Automation Using Python, explains how to automate everything that we have learned using the Python language for a more performant result.
Appendix A, Nmap Cheat Sheet, provides a list of the most common Nmap options.
Appendix B, Metasploit Cheat Sheet, provides a quick reference to the Metasploit framework.
Appendix C, Netcat Cheat Sheet, provides Netcat commands and a few popular practical examples.
Appendix D, Networking Reference Section, provides important information about networking, such as network subnets, port numbers, and their services.
Appendix E, Python Quick Reference, provides a quick overview of the amazing programming language—Python.
2、Now let's look at the first chapter.
It covers how to install the vulnerable web application on Windows or Linux (Ubuntu). The application is named Mutillidae (大黄蜂 in Chinese).
Where to download it: the book's code is available at www.packtpub.com,
and also on GitHub: https://github.com/PacktPublishing/Practical-web-Penetration-Testing
The build steps are as follows:
Step 1: download Mutillidae from https://sourceforge.net

3、Install XAMPP, the local web server bundle
XAMPP bundles Apache, MySQL and PHP.
Download URL: https://www.apachefriends.org/download.html

4、Before installing XAMPP, shut down all antivirus software. In my case, having another application installed beforehand triggered problems.

The installation procedure is as follows; here I use the default path on the C: drive.

When starting Apache on my machine, an error occurred, because I had previously installed a similar application, DVWA. It is also possible that some other software is occupying the fixed ports. Modify the configuration files as follows:


After changing the configured ports, Apache started successfully. In summary, two ports were changed: first, the service port 80 was changed to 8081; second, the listening port 443 was either commented out directly or changed to a port above 1023.
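The two port changes summarised above, written out as an added example against XAMPP's default Apache configuration files (this is not from the original post or the book). The paths `C:\xampp\apache\conf\httpd.conf` and `C:\xampp\apache\conf\extra\httpd-ssl.conf` assume the default XAMPP install on the C: drive, and 4433 is a constructed choice for the moved HTTPS port.

```apache
# --- C:\xampp\apache\conf\httpd.conf (assumed default XAMPP path) ---
# Before: Apache tries to bind port 80 on every interface; if DVWA or
# another service already owns port 80, Apache fails to start.
#Listen 80
#ServerName localhost:80

# After: move the HTTP service port to 8081, as done in the post.
Listen 8081
ServerName localhost:8081
# Bind to loopback instead if the lab only needs to be reached from this
# machine, so the deliberately vulnerable app is not exposed on the LAN:
#Listen 127.0.0.1:8081

# --- C:\xampp\apache\conf\extra\httpd-ssl.conf (assumed default path) ---
# Before: the HTTPS listener on 443 collides with whatever already holds it.
#Listen 443
#<VirtualHost _default_:443>
#    ServerName www.example.com:443

# After: either comment the Listen line out entirely (no HTTPS listener at
# all), or move it above 1023 and keep the VirtualHost port in step with it.
Listen 4433
<VirtualHost _default_:4433>
    ServerName www.example.com:4433
    # ... remaining directives of the default SSL virtual host unchanged ...
</VirtualHost>
```

After saving both files, restart Apache from the XAMPP control panel and reach the server on http://localhost:8081/ (or the new HTTPS port) instead of the defaults.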

5、How to install Mutillidae
Look up your IP address.

After Mutillidae starts successfully, it looks as follows:

Sometimes, however, error code 1045 appears:
Access denied for user 'root'@'localhost' (using password:YES)
