Web Application Testing Methodology (Part 1).

March 20, 2019

This post is an introduction to an upcoming series.
So, what will be in the series?
Ans. In this series of posts, I'm going to show you a step-by-step method for testing a web application.
 
Always remember one thing: every person has their own way of doing the work.

The following topics will be discussed:
  • Mapping the Web Application.
  • Preparing the Attack Surface.
  • Testing the Client-Side Controls.
  • Testing the Session Management system.
  • Testing the Auth. Mechanism.
  • Testing the Forgot Password Utility.
  • Testing for Input Based Vulnerabilities.
  • Testing for Access Controls.

1. Mapping the Web Application.
 
==> In this phase, put simply, the penetration tester gathers information about the target.

There are two modes of information gathering: active and passive.

In passive mode, the tester gathers information without directly interacting with the web application.

In active mode, the tester uses the various utilities in the web application to gather information.
 
 
The tester tries to gather information such as:
  • The purpose for which the web application was made.
  • The framework in use, such as WordPress or Drupal.
  • Its server information.
  • The programming languages used by the web app.
  • The technologies used by the web application.
  • Input areas.
  • Output areas.
  • Information about the API.
  • Third-party files accessed by the web app.
  • Port scanning.
 
Note: Forgive me if I missed something.
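
The checklist above, applied to a single captured response, as an added example that is not part of the original post: this Python sketch reports which of the listed items (server information, language, framework, input areas, third-party files) one response reveals. The host shop.example, the headers and the HTML are constructed sample data, and the class and function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample response for a hypothetical site, shop.example (not real traffic).
SAMPLE_HEADERS = {
    "Server": "Apache/2.4.38 (Debian)",
    "X-Powered-By": "PHP/7.3.2",
    "Set-Cookie": "PHPSESSID=abc123; path=/; HttpOnly",
}
SAMPLE_BODY = """<html><head>
<meta name="generator" content="WordPress 5.1">
<script src="https://cdn.example.net/lib/jquery.min.js"></script>
<script src="/wp-includes/js/app.js"></script></head><body>
<form action="/search" method="get"><input name="q"><input type="submit"></form>
</body></html>"""

# Session cookie names that commonly reveal the server-side language.
COOKIE_HINTS = {"PHPSESSID": "PHP", "JSESSIONID": "Java", "ASP.NET_SessionId": "ASP.NET"}

class PageMap(HTMLParser):
    """Collects the generator tag, named input fields and third-party script hosts."""
    def __init__(self, own_host):
        super().__init__()
        self.own_host, self.generator = own_host, None
        self.inputs, self.third_party = [], set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generator = a.get("content")       # framework / CMS disclosure
        elif tag in ("input", "textarea", "select") and a.get("name"):
            self.inputs.append(a["name"])            # input areas
        elif tag == "script" and a.get("src"):
            host = urlparse(a["src"]).hostname       # None for relative URLs
            if host and host != self.own_host:
                self.third_party.add(host)           # third-party files

def map_response(headers, body, own_host):
    """Return what one response discloses, keyed by checklist item."""
    page = PageMap(own_host)
    page.feed(body)
    cookie_name = headers.get("Set-Cookie", "").split("=", 1)[0].strip()
    return {"server": headers.get("Server"),
            "powered_by": headers.get("X-Powered-By"),
            "language_hint": COOKIE_HINTS.get(cookie_name),
            "framework": page.generator,
            "inputs": page.inputs,
            "third_party_hosts": sorted(page.third_party)}

if __name__ == "__main__":
    print(map_response(SAMPLE_HEADERS, SAMPLE_BODY, "shop.example"))
```

Version strings in `Server`, `X-Powered-By` and the generator tag are the fields an application owner would normally suppress or trim once such an inventory shows them.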
2 Comments
  1. update here in web application part two

  2. nice one bro.. we are expecting your posts
