There is no substitute for the human mind. In this section, we will focus on how a web application looks from the perspective of an attacker. The following diagram shows the mindmap of hacking a web application:
The mindmap is split into two categories: attackers target either server-side vulnerabilities or client-side vulnerabilities.
Server-side and client-side vulnerabilities usually arise for a few simple reasons:
- Usage of old/unpatched technology
- Poor security configuration
- Coding the app with no security in mind
- Human factor – lack of skilled staff
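The third reason above, code written with no security in mind, is easiest to see side by side with its fix. The following Python example is added here and is not from the book; it shows two of the server-side vulnerability classes this chapter's mindmap covers, SQL injection and path traversal, each as a vulnerable handler next to a hardened one. The SQLite table, its two user records and the `/srv/app/uploads` directory are constructed for the demonstration and are assumptions, not values from the page.

```python
import sqlite3
import posixpath

# Constructed in-memory user table for the demonstration (not from the book).
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret'), ('bob', 'hunter2')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Input is pasted into the SQL text, so quotes in it change the query's
    # grammar instead of being treated as data.
    query = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    return sorted(row[0] for row in conn.execute(query))


def login_hardened(conn, username, password):
    # Parameterised query: the driver binds the values separately from the
    # statement, so input can never alter the query's structure.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(query, (username, password)))


# Assumed (hypothetical) directory in which the application stores uploads.
UPLOAD_ROOT = "/srv/app/uploads"


def resolve_upload_vulnerable(name):
    # Joins the user-supplied name straight onto the root: ".." segments or an
    # absolute name walk out of the intended directory.
    return posixpath.normpath(posixpath.join(UPLOAD_ROOT, name))


def escapes_upload_root(name):
    # Normalise the candidate path, then check component-wise (not by string
    # prefix, which would accept "/srv/app/uploads-other") that it still lies
    # beneath UPLOAD_ROOT.
    candidate = posixpath.normpath(posixpath.join(UPLOAD_ROOT, name))
    return posixpath.commonpath([UPLOAD_ROOT, candidate]) != UPLOAD_ROOT


def resolve_upload_hardened(name):
    # Reject any name whose normalised form leaves the upload directory.
    if escapes_upload_root(name):
        raise ValueError("path escapes upload root")
    return posixpath.normpath(posixpath.join(UPLOAD_ROOT, name))


if __name__ == "__main__":
    conn = build_db()
    print("hardened login, valid credentials:", login_hardened(conn, "alice", "s3cret"))
    print("hardened login, quote in username:", login_hardened(conn, "x' OR '1'='1", "x"))
    print("vulnerable path join:", resolve_upload_vulnerable("../../etc/passwd"))
    print("hardened path check rejects it:", escapes_upload_root("../../etc/passwd"))
```

The path check is purely lexical: it uses `posixpath` so it behaves the same on every platform, but it does not follow symbolic links, so a symlink planted inside the upload directory would still need to be handled separately (for example by resolving the real path of the root and the candidate before comparing).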
On the server side, attackers typically attempt the following attacks:
- Web application firewall evasion
- SQL injection
- Remote code execution
- Remote file inclusion/local file inclusion
- Path traversal
- Exploiting session management
- Exploiting logic of the...