@article{article_1629259, title={A RISK ASSESSMENT ON USAGE OF KALI TOOLS TO HACK AND MANIPULATE WEB-BASED MIS AND ERP APPLICATIONS}, journal={Yönetim Bilişim Sistemleri Dergisi}, volume={11}, pages={62–80}, year={2025}, author={Efe, Ahmet}, keywords={Kali Linux, web tabanlı uygulamalar, Yönetim Bilişim Sistemleri (YBS), Kurumsal Kaynak Planlaması (KKP), hackerlık, güvenlik açıkları, siber riskler}, abstract={The increasing reliance on web-based Management Information Systems (MIS) and Enterprise Resource Planning (ERP) applications has made them an attractive target for cyber attackers. This study conducts a comprehensive risk assessment of the use of Kali Linux tools in hacking and manipulating web-based MIS and ERP applications. By examining key penetration testing methodologies—including reconnaissance, scanning, enumeration, exploitation, and post-exploitation—this research highlights the vulnerabilities inherent in these systems. The study provides an in-depth analysis of prominent Kali Linux tools such as SQLMap, Burp Suite, Metasploit Framework, Nmap, and Nessus, which are commonly used for security testing but also pose significant risks when leveraged for malicious activities. Drawing on case studies and existing literature, the findings underscore the critical security gaps in web-based MIS and ERP applications, emphasizing the need for robust defense mechanisms. The study proposes proactive risk mitigation strategies, including regular security audits, implementation of least privilege access controls, security awareness training, deployment of advanced threat detection systems, and adherence to legal and compliance frameworks governing penetration testing. The research concludes that while Kali Linux serves as a valuable tool for ethical hacking and security assessments, its misuse, supported by AI algorithms and automated code generation for scanning and attacks, necessitates a stringent cybersecurity framework to protect organizational assets. 
Future research should explore the integration of automated threat detection systems and the legal implications of penetration testing to enhance cybersecurity resilience.}, number={1}, publisher={Dokuz Eylül Üniversitesi}