Web application hacking methodology
Systematic and goal-oriented penetration testing always starts with the right methodology. The following diagram shows how web application hacking is done:
The methodology is divided into six stages: set target, spider and enumerate, vulnerability scanning, exploitation, cover tracks, and maintain access. These are explained in detail as follows:
- Set target: Setting the right target during a penetration test is very important, as attackers will focus more on specific vulnerable systems to gain system-level access, as per the kill chain method.
- Spider and enumerate: At this point, attackers have identified the list of web applications and are digging deeper into specific vulnerabilities. Multiple methods are engaged to spider all the web pages, identify technology, and find everything relevant to advance to the next stage.
- Vulnerability scanning: All known vulnerabilities are collected during this phase, using well-known vulnerability databases containing public...