Intro to Web App Pentesting
⚡ Prerequisites
- Basic Network and Cybersecurity Concepts

📕 Learning Objectives
- Understand Web protocols
- Perform webapps enumeration
- Perform SQL injection, XSS and brute-force attacks

🔬 Training list - PentesterAcademy/INE Labs (subscription required)
Web application penetration testing is a process of identifying and exploiting vulnerabilities in web applications to assess their security posture.
🔗📝 Some Web Applications Basics notes are already covered (from the PTSv1 Course)
🗒️ HTTP (HyperText Transfer Protocol) is a protocol used for communication between web servers and clients, such as web browsers. HTTP key features are:
- Client-Server Architecture
- Stateless Protocol
- Request Methods
- Status Codes (200, 404, 500, etc.)
- Headers (additional information about the request/response)
- Cookies (store info on the client-side)
- Encryption (HTTPS)
HTTP defines a set of request methods to indicate the desired action to be performed for a given resource. Commonly used HTTP request methods are:
- GET - retrieve data from the server
- HEAD - retrieve metadata about a resource from the server
- POST - submit data to the server
- PUT - update an existing resource on the server
- DELETE - delete a specified resource
- CONNECT - establish a tunnel to the server identified by the target resource
- OPTIONS - describe the communication options for a resource
- TRACE - perform a message loop-back test along the path to the resource
- PATCH - apply partial modifications to a resource
HTTP response status codes indicate whether a specific HTTP request has been successfully completed. They are grouped in five classes:
- 100-199 - Informational responses
- 200-299 - Successful responses
- 300-399 - Redirection messages
- 400-499 - Client error responses
- 500-599 - Server error responses
An HTTP cookie is a small piece of data that a server sends to a user's web browser. The web browser may store the cookie and send it back to the same server with later requests. Cookies are mainly used for these purposes:
- Session management
- Personalization
- Tracking
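The request line, status line, headers and Set-Cookie attributes described above, pulled apart by a small parser. This is an added example and not code from the course notes; the two sample messages are constructed for it, and the "missing attribute" checks it reports on cookies (Secure, HttpOnly, SameSite) are the ones a tester looks for when reviewing session cookies.

```python
"""Added example, not part of the course notes: a minimal parser for raw
HTTP/1.1 messages that extracts what the notes list (method, target, headers,
status code and its class, cookie attributes). Sample messages are constructed."""

STATUS_CLASSES = {1: "Informational", 2: "Successful", 3: "Redirection",
                  4: "Client error", 5: "Server error"}

# Constructed sample exchange: a login form POST and the redirect it gets back.
SAMPLE_REQUEST = ("POST /login HTTP/1.1\r\n"
                  "Host: app.example\r\n"
                  "Content-Type: application/x-www-form-urlencoded\r\n"
                  "Cookie: session=abc123\r\n"
                  "\r\n"
                  "user=alice&pass=s3cret")
SAMPLE_RESPONSE = ("HTTP/1.1 302 Found\r\n"
                   "Location: /account\r\n"
                   "Set-Cookie: session=def456; Path=/; HttpOnly\r\n"
                   "\r\n")


def _split_message(raw):
    """Separate start line, header lines and body; accepts LF or CRLF endings."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    return lines[0], lines[1:], body


def parse_headers(lines):
    """Header names are case-insensitive; repeated headers are kept as a list."""
    headers = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def parse_request(raw):
    start, header_lines, body = _split_message(raw)
    method, target, version = start.split(" ", 2)
    return {"method": method, "target": target, "version": version,
            "headers": parse_headers(header_lines), "body": body}


def parse_response(raw):
    start, header_lines, body = _split_message(raw)
    parts = start.split(" ", 2)          # reason phrase is optional
    code = int(parts[1])
    return {"version": parts[0], "status": code,
            "status_class": STATUS_CLASSES.get(code // 100, "Unknown"),
            "reason": parts[2] if len(parts) > 2 else "",
            "headers": parse_headers(header_lines), "body": body}


def cookie_findings(set_cookie):
    """Report which protective attributes a Set-Cookie value lacks."""
    parts = [p.strip() for p in set_cookie.split(";")]
    attrs = {}
    for p in parts[1:]:                  # parts[0] is name=value
        key, _, val = p.partition("=")
        attrs[key.strip().lower()] = val.strip() or True
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    if "samesite" not in attrs:
        findings.append("missing SameSite")
    return findings


if __name__ == "__main__":
    req = parse_request(SAMPLE_REQUEST)
    resp = parse_response(SAMPLE_RESPONSE)
    print(req["method"], req["target"], "->", resp["status"], resp["status_class"])
    for cookie in resp["headers"].get("set-cookie", []):
        print("Set-Cookie:", cookie, "=>", cookie_findings(cookie) or "ok")
```

Running the block prints the method, target and status class of the sample exchange and flags the session cookie as missing the Secure and SameSite attributes; the same functions can be pointed at messages captured from an intercepting proxy.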
🗒️ HTTPS (HTTP Secure) is the encrypted version of HTTP that uses a combination of the Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocol and the HTTP protocol to provide secure communication.

When a client connects to an HTTPS-enabled website, the server sends its SSL/TLS certificate to the client. The client verifies the certificate to ensure that it is issued by a trusted certificate authority and that it is valid. If the certificate is valid, the client and the server establish a secure connection using a unique session key.
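The certificate check described above is something client code can silently switch off, which is a common finding when reviewing applications. As an added example (not from the course notes), the following builds a client context that performs the check, the weakened form beside it, and an audit helper that reports what a given context actually verifies; the `connect` function is only needed if you want to open a real connection.

```python
"""Added example, not part of the course notes: a strict TLS client context
beside the common 'verification disabled' shortcut, plus an audit function
that reports what a context checks. Constructing and auditing contexts needs
no network access."""
import socket
import ssl


def strict_client_context() -> ssl.SSLContext:
    # create_default_context() loads the system CA store, requires a valid
    # chain (CERT_REQUIRED) and checks the hostname against the certificate.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse TLS 1.0/1.1
    return ctx


def disabled_verification_context() -> ssl.SSLContext:
    # The shortcut that makes certificate errors "go away": the client now
    # accepts any certificate, so an on-path attacker can present their own.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the verification weaknesses present in a context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain not required")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS older than 1.2 allowed")
    return findings


def connect(host: str, port: int = 443, ctx: ssl.SSLContext = None) -> dict:
    """Open a verified TLS connection and return the peer certificate summary.
    Needs network access; with the strict context a bad certificate raises
    ssl.SSLCertVerificationError instead of being accepted."""
    ctx = ctx or strict_client_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    print("strict:  ", audit_context(strict_client_context()) or "no findings")
    print("disabled:", audit_context(disabled_verification_context()))
```

The audit function is the part worth reusing: point it at the context an application actually builds (or at the result of `ssl._create_unverified_context()` style shortcuts) and it lists what the client would fail to verify.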
🔬 There are many vulnerable testing web apps like:
📝 Check the HackerSploit's
- Gobuster - a tool used to brute-force URIs including directories and files as well as DNS subdomains.
- Burp Suite - an integrated platform for performing security testing of web applications.

🔬 Check the labs covering HTTP Method and Directory Enumeration Techniques

- OWASP ZAP - OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
- Nikto - a pluggable web server and CGI scanner written in Perl, using rfp's LibWhisker to perform fast security or informational checks.

🔬 Check the labs covering Web Apps scanning techniques

- sqlmap - an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.
- XSSer (Cross-Site Scripter) - an automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.
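Directory brute-forcing of the kind the enumeration tools above perform has a very recognisable footprint in a web server's access log: one source, a burst of requests for many distinct paths, almost all answered with 404. The following added example (not from the course notes) reads Common Log Format lines and flags that pattern; the log lines are constructed, and the window size and thresholds are assumptions to tune per site.

```python
"""Added example, not part of the course notes: detect directory brute-forcing
from web server access logs. Log lines below are constructed in Common Log
Format; thresholds are assumptions."""
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)')

# Constructed sample: one host walks a wordlist within 25 seconds, another
# browses normally (a single 404 for a missing favicon is ordinary traffic).
_WORDLIST = ["admin", "backup", "cgi-bin", "config", "db", "old", "test",
             "tmp", "uploads", "wp-admin"] + [f"dir{n}" for n in range(15)]
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Oct/2023:13:55:{i:02d} +0000] "GET /{name} HTTP/1.1" 404 196'
    for i, name in enumerate(_WORDLIST)
] + [
    '198.51.100.4 - - [10/Oct/2023:13:55:10 +0000] "GET / HTTP/1.1" 200 5120',
    '198.51.100.4 - - [10/Oct/2023:13:55:12 +0000] "GET /login HTTP/1.1" 200 2048',
    '198.51.100.4 - - [10/Oct/2023:13:55:13 +0000] "GET /favicon.ico HTTP/1.1" 404 196',
]


def parse_line(line):
    """Parse one CLF line into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def find_enumeration(lines, window_s=60, min_requests=20, min_404_ratio=0.8):
    """Flag an IP when, inside a sliding time window, it sends at least
    min_requests requests for mostly distinct paths and most return 404."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_ip[rec["ip"]].append(rec)

    alerts = {}
    for ip, recs in per_ip.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):
            # shrink the window from the left until it spans at most window_s
            while (recs[end]["ts"] - recs[start]["ts"]).total_seconds() > window_s:
                start += 1
            window = recs[start:end + 1]
            if len(window) < min_requests:
                continue
            not_found = sum(1 for r in window if r["status"] == 404)
            distinct = len({r["path"] for r in window})
            if (not_found / len(window) >= min_404_ratio
                    and distinct >= 0.9 * min_requests):
                alerts[ip] = {"requests": len(window), "not_found": not_found,
                              "distinct_paths": distinct,
                              "first_seen": window[0]["ts"].isoformat()}
                break   # one alert per source is enough
    return alerts


if __name__ == "__main__":
    for ip, info in find_enumeration(SAMPLE_LOG).items():
        print(f"possible directory enumeration from {ip}: {info}")
```

The distinct-path requirement is what separates a scanner from a broken link that many users hit: a wordlist walk produces a new path per request, while a missing resource produces one path requested many times.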
🗒️ SQL injection attacks consist of the insertion or "injection" of a SQL query via the input data from the client to the application, allowing an attacker to interfere with the database queries of the vulnerable web application.

🗒️ Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites, allowing an attacker to compromise the interactions that users have with a vulnerable application.
🔬 Check the labs covering Web Apps Attacking techniques