Web application penetration testing methodology – Penetration Testing

Web application penetration testing methodology

Web application penetration testing is generally divided into three stages: information gathering, vulnerability scanning, and exploitation. Here I describe what needs to be done at each stage.

Information gathering

In the information gathering phase, we need to collect as much information about the target web application as possible, such as the scripting language, the server type, the directory structure, the open source software in use, the database type, all linked pages, the framework, and so on.

The type of scripting language

Common scripting languages include PHP, ASP, ASPX, JSP and so on.

Test Methods

Crawl all links on the site and look at their suffixes

Request a non-existent page with different suffixes and compare the results

Check robots.txt and look at the suffixes of the paths it lists
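The first and third checks above can be done offline once the links and robots.txt have been saved. The following is an added example, not code from the original post; the URLs and the robots.txt content are constructed sample data, and the suffix table is limited to the languages the article names.

```python
from collections import Counter
from urllib.parse import urlsplit
import posixpath

# Constructed sample data (not from a real site).
CRAWLED_LINKS = [
    "https://shop.example/index.php",
    "https://shop.example/product.php?id=7",
    "https://shop.example/cart.php#top",
    "https://shop.example/static/app.js",
    "https://shop.example/help/faq.html",
    "https://shop.example/legacy/report.jsp;jsessionid=ABC123",
]
ROBOTS_TXT = """\
User-agent: *
Disallow: /admin/login.php
Disallow: /backup/   # directory, no suffix
Allow: /export.php
Sitemap: https://shop.example/sitemap.xml
"""

# Suffix-to-language map restricted to the languages the article lists.
SCRIPT_SUFFIXES = {".php": "PHP", ".asp": "ASP", ".aspx": "ASPX", ".jsp": "JSP"}

def suffix_of(url_or_path):
    """Return the lower-cased file suffix of the path component, or ''."""
    path = urlsplit(url_or_path).path      # drops ?query and #fragment
    path = path.split(";", 1)[0]           # drops ;jsessionid=... path parameters
    return posixpath.splitext(path)[1].lower()

def robots_paths(robots_txt):
    """Yield the path of every Allow/Disallow rule, ignoring comments."""
    for line in robots_txt.splitlines():
        line = line.split("#", 1)[0].strip()
        field, _, value = line.partition(":")
        if field.strip().lower() in ("allow", "disallow") and value.strip():
            yield value.strip()

def script_language_votes(links, robots_txt):
    """Count how often each known script suffix appears across both sources."""
    votes = Counter()
    for item in list(links) + list(robots_paths(robots_txt)):
        lang = SCRIPT_SUFFIXES.get(suffix_of(item))
        if lang:
            votes[lang] += 1
    return votes
```

A single stray suffix, like the one `.jsp` link in the sample, usually points at a legacy or separately hosted component rather than at the main application language.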

The type of server

Common web servers include: Apache, Tomcat, IIS, Nginx and so on

Test Methods

Look at the response headers to determine the server type

Judge from the error messages

Judge from the default page
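The header check also answers the scripting language question from the previous section, because default session cookie names and runtime headers give the platform away. The following is an added example, not code from the original post, that lists what a response head discloses; the raw response is constructed, and the cookie-name table is an assumption covering common platform defaults.

```python
# Constructed response head (not captured from a real server).
RAW_RESPONSE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly\r\n"
    "Set-Cookie: theme=dark\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>...</html>"
)

# Headers that commonly name the server or the runtime.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version")
# Default session cookie names and the platform they imply (assumed table).
SESSION_COOKIES = {
    "phpsessid": "PHP",
    "jsessionid": "Java (JSP/Servlet)",
    "asp.net_sessionid": "ASP.NET",
    "aspsessionid": "classic ASP",
}

def parse_head(raw):
    """Split a raw HTTP response into (status_line, [(name, value), ...])."""
    head = raw.split("\r\n\r\n", 1)[0]
    status, *lines = head.split("\r\n")
    headers = []
    for line in lines:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers

def disclosures(raw):
    """List (source, evidence) pairs that reveal the server or language type."""
    _, headers = parse_head(raw)
    found = []
    for name, value in headers:
        if name in DISCLOSING_HEADERS and value:
            found.append((name, value))
        elif name == "set-cookie":
            cookie = value.split("=", 1)[0].strip().lower()
            for prefix, platform in SESSION_COOKIES.items():
                # Classic ASP appends random letters: ASPSESSIONIDQACRBDST
                if cookie.startswith(prefix):
                    found.append(("cookie:" + cookie, platform))
    return found
```

Running the same function against your own server's responses shows which of these values still need to be suppressed or renamed in the server and session configuration.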

The directory structure

The more directories you know about, the more weaknesses you may find, such as directory browsing, code leakage and so on.

Test Methods

Enumerate directories with a dictionary

Crawl the entire site with a crawler, or use a search engine such as Google to find the directories

Check if robots.txt is missing

The open source software in use

If we know which open source software the target uses, we can look up that software's known vulnerabilities and test the site for them directly.

Test Methods

Fingerprinting (there are many open source fingerprinting tools available online)

Database type

There are different test methods for different databases.

Test Methods

Make the application throw an error and read the error message

Scan the server’s database ports

All linked pages

This is similar to obtaining the directory structure above, but the goal is not only to find every functional page of the site; sometimes it also turns up source code backups left by the administrator.

Test Methods

Enumerate pages with a dictionary

Crawl the entire site with a crawler, or use a search engine such as Google to find the pages

Check if robots.txt is missing

The framework in use

Many sites are built quickly on top of an open source framework, so collecting information about the site's framework is also very important.

Test Methods

Fingerprinting (there are many open source fingerprinting tools available online)

Vulnerability Scanning

At this stage the testing should be targeted, prescribing the right medicine for the case rather than scanning blindly: first determine whether the target application is built on open source software or an open source framework, then run an in-depth vulnerability scan.

Exploitation of open source software

Open source software

Common open source software: WordPress, phpBB, DedeCMS and so on

Open source framework

Common open source frameworks: Struts2, Spring MVC, ThinkPHP and so on

Middleware server

Common middleware servers: JBoss, Tomcat, WebLogic and so on

Database services

Common database services: MSSQL, MySQL, Oracle, Redis, Sybase, MongoDB, DB2, etc.

Test methods for open source software

Use fingerprinting software to determine the version of the open source software, then look up that version in a public vulnerability database and test for the vulnerabilities listed for it

For entry points such as the default admin login page and database service port authentication, try a simple brute force and the default passwords

Use an open source vulnerability discovery tool to scan for vulnerabilities, such as WPScan
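The first method above depends on comparing the fingerprinted version with the affected range of each advisory, and a plain string comparison gets this wrong ("4.10" sorts before "4.9.10" as text). The following is an added example, not code from the original post or from any tool it names; the advisory table uses placeholder ids and constructed version ranges, not real vulnerability data.

```python
import re

# Constructed advisory table: placeholder ids and ranges, not real data.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "product": "wordpress", "introduced": "4.7", "fixed": "4.7.2"},
    {"id": "EXAMPLE-0002", "product": "wordpress", "introduced": "0", "fixed": "4.9.10"},
    {"id": "EXAMPLE-0003", "product": "phpbb", "introduced": "3.2.0", "fixed": "3.2.4"},
]

def parse_version(text):
    """'4.7.1' -> (4, 7, 1); a trailing tag such as '-beta' is dropped."""
    match = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not match:
        raise ValueError("no version number in %r" % text)
    return tuple(int(part) for part in match.group(0).split("."))

def pad(a, b):
    """Right-pad the shorter tuple with zeros so that 3.2 equals 3.2.0."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)), b + (0,) * (width - len(b))

def in_range(version, introduced, fixed):
    """True if introduced <= version < fixed, compared numerically."""
    v = parse_version(version)
    low, v_low = pad(parse_version(introduced), v)
    high, v_high = pad(parse_version(fixed), v)
    return low <= v_low and v_high < high

def affecting(product, version):
    """Return the ids of advisories whose range contains this version."""
    return [
        adv["id"]
        for adv in ADVISORIES
        if adv["product"] == product.lower()
        and in_range(version, adv["introduced"], adv["fixed"])
    ]
```

The same comparison works in the other direction for patch tracking: feed it the versions you actually run and the ranges from the advisories you subscribe to.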

Independently developed applications

Manual test

At this stage, we need to manually test every function that interacts with the user, such as posting messages, login, ordering, logout, returns, payment and other operations.

Software scanning

Scan with free software such as AppScan, HP WebInspect, Netsparker, BurpSuite and so on

Exploitation

This is the final stage of web penetration testing. Different vulnerabilities are exploited in different ways, so it requires knowledge of many areas. In general, this stage is done in two ways: manual testing and tool testing.

Manual test

This approach is for cases that need special handling, such as a particular filter, or where no ready-made exploitation tool exists online. Once proficient, testers can write their own tools to replace the manual work; after all, manual work is very tiring. Sometimes it can be combined with server configuration problems to increase the success rate.

Tool testing

There are many free exploitation tools available online, such as SQLmap for SQL injection, Metasploit for software vulnerabilities and so on.

The post Web application penetration testing methodology appeared first on Penetration Testing.
