h4cker/recon/webapp_recon.md
2024-07-01 11:57:37 -04:00

Web Application Security Testing Methodology

1. Mapping the Application

Mapping the application is a critical initial phase in security testing. It involves understanding the visible and underlying structure of the application to effectively tailor the testing strategy.

Explore Visible Content

  • Objective: Identify all publicly accessible endpoints and files.
  • Methods: Use tools like web crawlers and directory brute-forcing tools.

Consult Public Resources

  • Objective: Gather information from publicly available sources.
  • Methods: Check documentation, forums, and other related publications.

Discover Hidden Content

  • Objective: Uncover potentially hidden or non-indexed directories and files.
  • Methods: Employ tools that perform forced browsing and directory listing.

Discover Default Content

  • Objective: Identify common or default files and directories.
  • Methods: Use lists of known default installation paths and filenames.

Enumerate Identifier-Specified Functions

  • Objective: Determine the functionality exposed through URL parameters or function-specific paths.
  • Methods: Analyze URL patterns and parameter names for hints of underlying functionality.

Test for Debug Parameters

  • Objective: Discover any leftover or undocumented debug parameters that could expose sensitive information.
  • Methods: Attempt common debug parameter names and observe responses for changes in behavior or information disclosure.

2. Analyze the Application

This step involves a deeper analysis of the application's build and behavior to identify potential security vulnerabilities.

Identify Functionality

  • Objective: Catalog all functions the application performs.
  • Methods: Systematic usage and testing of all features.

Identify Data Entry Points

  • Objective: List all points where user input is accepted.
  • Methods: Review forms, API endpoints, and any other interfaces.

Identify the Technologies Used

  • Objective: Determine all underlying technologies (frameworks, libraries, servers).
  • Methods: HTTP headers, file extensions, and error messages can reveal software versions and types.

Map the Attack Surface

  • Objective: Understand all areas of the application that can potentially be attacked.
  • Methods: Combine the information from functionality, data entry points, and technology identification to visualize the complete attack surface.
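
The sketch below is an added example, not part of the original methodology or its repository. It shows one way to combine data entry points, technology hints, and observed debug-style parameters into a single attack surface inventory. The crawl data, host name, hint lists, and the function name map_attack_surface are all constructed assumptions.

```python
import posixpath
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample data: (URL, response headers) pairs such as a crawler or
# proxy history export might provide. Host, paths and versions are made up.
CRAWL = [
    ("https://shop.example.test/index.php?page=home",
     {"Server": "Apache/2.4.41", "X-Powered-By": "PHP/7.4.3"}),
    ("https://shop.example.test/product.php?id=12&debug=0", {"Server": "Apache/2.4.41"}),
    ("https://shop.example.test/product.php?id=13", {"Server": "Apache/2.4.41"}),
    ("https://shop.example.test/api/v1/cart?item=5&qty=2", {"Server": "nginx"}),
    ("https://shop.example.test/static/app.js", {}),
]

# Assumed hint lists for illustration only; adjust them to the application in scope.
EXT_HINTS = {".php": "PHP", ".aspx": "ASP.NET", ".jsp": "Java/JSP"}
DEBUG_NAMES = {"debug", "test", "trace", "verbose"}
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version")

def map_attack_surface(crawl):
    """Merge crawl results into one inventory of entry points, tech hints and debug params."""
    params = defaultdict(set)   # path -> parameter names seen (data entry points)
    tech, debug = set(), set()
    for url, headers in crawl:
        parts = urlsplit(url)
        # Parameter names are lowercased so the same name is counted once per path.
        names = {k.lower() for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
        params[parts.path] |= names
        # Record debug-style names already present in observed traffic.
        debug |= {(parts.path, n) for n in names & DEBUG_NAMES}
        # File extensions hint at the server-side technology.
        ext = posixpath.splitext(parts.path)[1].lower()
        if ext in EXT_HINTS:
            tech.add(EXT_HINTS[ext])
        # Response headers that disclose software names or versions.
        for name, value in headers.items():
            if name.lower() in DISCLOSING_HEADERS:
                tech.add(value)
    return {
        "entry_points": {p: sorted(n) for p, n in params.items() if n},
        "technologies": sorted(tech),
        "debug_params": sorted(debug),
    }

if __name__ == "__main__":
    import json
    print(json.dumps(map_attack_surface(CRAWL), indent=2))
```

Every version string in the technologies list is also an information disclosure finding, and each entry under debug_params is a candidate for removal before release.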