Practical Web Penetration Testing (Part 1: Mutillidae 大黄蜂)
Published: 2019-06-21


1. Now we look at this book. I decided to make a brief review.

   The book covers the following (I copied it directly here):

Chapter 1, Building a Vulnerable Web Application Lab, will help us to get and
install the vulnerable application Mutillidae using Windows and Linux. Also, we
will have a quick tour of how to use this vulnerable web application.
Chapter 2, Kali Linux Installation, will explain how to download, install, and
configure Kali Linux.
Chapter 3, Delving Deep into the Usage of Kali Linux, will teach more about how
to deal with Kali Linux from the Terminal window, and will help you to become
a ninja in bash scripting as well.
Chapter 4, All About Using Burp Suite, covers what you need to know about
Metasploit to fulfil the role of a web application security expert.
Chapter 5, Understanding Web Application Vulnerabilities, explains the attacks
that can happen on a web application, and after finishing the chapter, you will be
able to use these skills to manipulate your findings during pentests.
Chapter 6, Application Security Pre-Engagement, will explain how to sign all the
necessary contracts before starting the tests. Also, you will learn how to
estimate, scope, and schedule your tests before they start.
Chapter 7, Application Threat Modeling, will explain that ATM is a security
architecture document that allows you to identify future threats and to pinpoint
the different pentest activities that need to be executed in the future deployment
of the web application project.
Chapter 8, Source Code Review, covers how to deal with the source code review
process. The source code is the heart or engine of a web application, and it must
be properly constructed from a security perspective.
Chapter 9, Network Penetration Testing, explains how to use Metasploit, Nmap,
and OpenVAS together to conduct a network infrastructure vulnerability
assessment.
Chapter 10, Web Intrusion Tests, will show how to look for web application based
vulnerabilities (SQLi, XSS, and CSRF) using Burp. Also, the readers will learn
how to take advantage of, get a remote shell, and probably elevate their
privileges on the victim web server.
Chapter 11, Pentest Automation Using Python, explains how to automate
everything that we have learned using the Python language for a more
performant result.
Appendix A, Nmap Cheat Sheet, a list of the most common Nmap options.
Appendix B, Metasploit Cheat Sheet, provides a quick reference to the Metasploit
framework.
Appendix C, Netcat Cheat Sheet, provides Netcat commands and a few popular
practical examples.
Appendix D, Networking Reference Section, provides important information about
networking, such as network subnets, port number, and its services.
Appendix E, Python Quick Reference, provides a quick overview of the amazing
programming language—Python.
2. Now we look at the first chapter.

   How to install the vulnerable web application on Windows, Linux, or Ubuntu. The application's name is Mutillidae (in Chinese, 大黄蜂).

 At present, the download address is: www.packtpub.com

 Another resource is on GitHub: https://github.com/PacktPublishing/Practical-web-Penetration-Testing

How to build the lab:

 Step 1: download Mutillidae. URL: https://sourceforge.net

 

 3. Install the simulation application XAMPP.

    XAMPP provides Apache, MySQL, and PHP.

   Download URL: https://www.apachefriends.org/download.html

4. Before installing XAMPP, close all antivirus software. In my case, I had another one installed, which triggered problems.

 

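 The installation procedure is as follows. Here I use the default path C.

When I started Apache on my computer, an error occurred, because I had previously installed a similar application, DVWA. It is also possible that other software was occupying the fixed ports. Modify the configuration file as follows.

 After changing the configured ports, Apache started successfully. Summary: two ports were changed in total. The first is the service port 80, changed to 8081; the second is the listening port 443, either commented out directly or changed to a port above 1023.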
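The two port changes summarized above, as an added example that is not part of the original post: a Python sketch that checks whether a local port is already taken and rewrites active Apache `Listen` directives (80 to 8081, 443 commented out). The sample configuration text and the function names are constructed for illustration.

```python
import re
import socket

# Active (uncommented) Listen directive: optional bind address, then the port.
LISTEN_RE = re.compile(r"^(\s*)Listen\s+(?:(\S+):)?(\d+)\s*$", re.IGNORECASE)

# Constructed sample, not copied from a real XAMPP install.
SAMPLE = "#Listen 12.34.56.78:80\nListen 80\nListen 443\n"


def port_in_use(port, host="127.0.0.1"):
    """True if something already accepts TCP connections on host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(0.5)
        return s.connect_ex((host, port)) == 0


def remap_listen(conf_text, mapping):
    """Rewrite Listen lines; mapping is old_port -> new_port, or None to comment out."""
    out = []
    for line in conf_text.splitlines():
        m = LISTEN_RE.match(line)
        if m and int(m.group(3)) in mapping:
            indent, addr, new = m.group(1), m.group(2), mapping[int(m.group(3))]
            if new is None:
                # Disable the listener but keep the original line visible.
                line = f"{indent}#{line.strip()}"
            elif not 0 < new < 65536:
                raise ValueError(f"invalid port {new}")
            else:
                # Preserve an explicit bind address if one was configured.
                line = f"{indent}Listen {addr + ':' if addr else ''}{new}"
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for p in (80, 443):
        print(p, "busy" if port_in_use(p) else "free")
    print(remap_listen(SAMPLE, {80: 8081, 443: None}), end="")
```

Lines that are already commented out are left untouched, so only directives Apache would actually act on are changed.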

 

5. How to install Mutillidae

     Look up your IP.

 

 After Mutillidae starts successfully, it looks like this.

But sometimes error code 1045 is shown:

Access denied for user 'root'@'localhost' (using password:YES)

 

 

Reposted from: https://www.cnblogs.com/xinxianquan/p/10166545.html
