March 20, 2019
Web Application Testing Methodology (Part 1).
This will act as an introduction to the upcoming series of posts.
So, what will be in the series?
Ans. In this series of posts, I'm going to show you a step-by-step method for testing a web application.
Always remember one thing: every person has their own way of doing the work.
The following topics will be discussed.
- Mapping the Web Application.
- Preparing the Attack Surface.
- Testing the Client-Side Controls.
- Testing the Session Management system.
- Testing the Auth. Mechanism.
- Testing the Forgot Password Utility.
- Testing for Input Based Vulnerabilities.
- Testing for Access Controls.
1. Mapping the Web Application.
==> In this phase, a penetration tester, in simple words, tries to gather information about the target.
There are two modes of gathering information: active mode and passive mode.
In passive mode, the tester gathers information without directly interacting with the web app.
In active mode, the tester uses the various utilities in the web application and tries to gather information.
The tester tries to gather information like :-
- The purpose for which the web application was made.
- Checks for frameworks like WordPress, Drupal, etc.
- Its server information.
- Programming languages used by the web app.
- The technologies being used by web application.
- Checks for Input areas.
- Checks Output areas.
- Gathers information about the API.
- Checks for third-party files being accessed by the web app.
- Port Scanning.
Note: Forgive me if I missed something.
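
The mapping checklist above, applied to one HTTP response: this is an added example, not code from the original post, showing what a single page discloses about the server, framework, input areas and third-party files. The sample response, the host app.example.test and the names PageMapper and map_response are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample response for a hypothetical app at app.example.test.
HEADERS = {"Server": "Apache/2.4.29 (Ubuntu)", "X-Powered-By": "PHP/7.2.10"}
HTML = """<html><head><meta name="generator" content="WordPress 5.1">
<script src="https://cdn.example.net/jquery.min.js"></script>
<script src="/wp-includes/js/site.js"></script></head><body>
<form action="/search"><input name="q" type="text"></form>
<form action="/login" method="post"><input name="user">
<input name="pass" type="password"><input type="submit"></form>
</body></html>"""


class PageMapper(HTMLParser):
    """Collects the generator tag, named inputs and third-party hosts."""

    def __init__(self, own_host):
        super().__init__()
        self.own_host, self.generator, self._action = own_host, None, None
        self.inputs, self.third_party = [], set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generator = a.get("content")   # framework disclosure
        elif tag == "form":
            self._action = a.get("action") or ""
        elif tag in ("input", "textarea", "select") and a.get("name"):
            self.inputs.append((self._action, a["name"]))  # input area
        elif tag in ("script", "img", "link", "iframe"):
            host = urlparse(a.get("src") or a.get("href") or "").netloc
            if host and host != self.own_host:
                self.third_party.add(host)      # third-party file

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None


def map_response(headers, html, own_host):
    """Summarise what one response discloses, per the checklist above."""
    mapper = PageMapper(own_host)
    mapper.feed(html)
    return {"server": headers.get("Server"),
            "powered_by": headers.get("X-Powered-By"),
            "framework": mapper.generator,
            "inputs": mapper.inputs,
            "third_party_hosts": sorted(mapper.third_party)}
```

Calling `map_response(HEADERS, HTML, "app.example.test")` returns the summary as a dictionary; version strings in `server`, `powered_by` and `framework` are the items an application owner would normally suppress.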