In this section, we're going to learn what resource discovery is and why it is important when testing web applications. Also, we're going to introduce FUZZDB, which is going to be used in the next section as our dictionary database.
You will remember that, in Chapter 1, Introduction to Web Application Penetration Testing, we learned about the penetration testing process. The second phase in the process was mapping. In the mapping phase, we need to build a map or catalog of the application pages and functionalities. In earlier sections, we learned how to perform application mapping using a crawler. We also learned that crawlers have some limitations. For example, links generated by JS are not identified by crawlers. This can be overcome by using HTTP proxies or by using a headless browser such as PhantomJS. If we do that, we should be able...
