Remember in Chapter 1, Introduction to Web Application Penetration Testing, that we learned about the penetration testing process. In that process, the second phase was mapping.
In the mapping phase, we need to build a map or catalog of the application resources and functionalities. As a security tester, we aim to identify all the components and entry points in the app. The main components that we are interested in are the resources that take parameters as input, the forms, and the directories.
The mapping is mainly performed with a crawler. Crawlers are also known as spiders, and usually, they perform scraping tasks, which means that they will also extract interesting data from the application such as emails, forms, comments, hidden fields, and more.
In order to perform application mapping, we have the following options:
- The first technique is crawling...
