Practical Web Application Penetration Testing Series
Today, I'm gonna start a series on how to do practical web application penetration testing on an online website in black-box mode. To pentest a website, we need to perform the following steps:
- Find the technology and the programming language used.
- Find all sub-domains that exist for the website and repeat step 1 for each of them (very important: these sub-domains are usually less interactive with users, so programmers don't pay much attention to their security).
- Test every input, including the headers and the body of the web pages, on the site and its sub-domains for possible vulnerabilities with a web vulnerability scanner like Burp Suite (automation is good).
- If security issues were found, then try to find a proof of concept for them.
- Make a well-documented report for the vulnerabilities.
  - "Good" means that it is a logical report that someone else could follow/understand without knowing the full context.
So, let's start with a sample vulnerable website from Acunetix: http://testphp.acunetix.com/
Step 1: We can use http://builtwith.com/, an online service for finding the technologies and languages used by a website. It is up to date and I like it more than the whatweb script in Kali Linux; however, we could still use whatweb in Kali Linux. I will show you both. Go to http://builtwith.com/ and put the URL http://testphp.acunetix.com/ in the input box, then click the lookup button.
After a second, it shows many useful tidbits of info about the given website, such as the kind of web server, the kind of frameworks and …
What is very important for us is the web server and the framework. We can see that the web server is nginx 1.4 and the language of the website is PHP.
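Much of what such lookups report comes from the HTTP response headers a site sends. The following is an added example, not part of the original post or of builtwith/whatweb: a small Python parser that extracts the web server and language from response headers. The header values, the `fingerprint` function and the cookie-name table are assumptions constructed for illustration.

```python
import re

# Constructed sample response headers (not captured from any real site).
SAMPLE_HEADERS = """\
HTTP/1.1 200 OK
Server: nginx/1.4.0
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.3.10
Set-Cookie: PHPSESSID=constructedvalue; path=/
"""

# Headers that name a product directly, mapped to a report category.
PRODUCT_HEADERS = {"server": "web_server", "x-powered-by": "language"}
# Default session cookie names that hint at the server-side language.
COOKIE_HINTS = {"phpsessid": "PHP", "jsessionid": "Java",
                "asp.net_sessionid": "ASP.NET"}

def parse_headers(raw):
    """Return (lowercased name, value) pairs, skipping the status line."""
    pairs = []
    for line in raw.splitlines()[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def fingerprint(raw):
    """Map response headers to {category: set of 'product version' labels}."""
    found = {}
    for name, value in parse_headers(raw):
        if name in PRODUCT_HEADERS:
            # "nginx/1.4.0" -> product "nginx", version "1.4.0" (version optional).
            m = re.match(r"([A-Za-z][\w.\-]*)(?:/([\w.\-]+))?", value)
            if m:
                label = m.group(1) + (" " + m.group(2) if m.group(2) else "")
                found.setdefault(PRODUCT_HEADERS[name], set()).add(label)
        elif name == "set-cookie":
            cookie_name = value.split("=", 1)[0].strip().lower()
            if cookie_name in COOKIE_HINTS:
                found.setdefault("language_hint", set()).add(COOKIE_HINTS[cookie_name])
    return found

if __name__ == "__main__":
    for category, values in sorted(fingerprint(SAMPLE_HEADERS).items()):
        print(f"{category}: {', '.join(sorted(values))}")
```

For the report, the same headers are what a site owner would suppress: nginx's `server_tokens off;` and PHP's `expose_php = Off` remove the version strings this parser relies on.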
Alternatively, we can use whatweb in Kali.
We found many useful bits of information about the website. In the next chapter we will start the Burp Suite scanner and go further. Thanks!