Introduction
Web applications and web services are used to execute remote access features as well as to manage devices. A great deal of power can be given to web applications of IoT devices that would enable remotely executable control over to an attacker. Certain products such as connected vehicles or smart door locks with remotely executable vulnerabilities can cause harm and personal safety risks to its users. When testing products in the before mentioned categories of IoT, locating vulnerabilities with the highest risk and impact to users are the first to target. In this chapter, we will show how to select a web application testing methodology, setup your web testing toolkit, as well as discuss how to discover and exploit some of the most commonly found embedded web application vulnerabilities.
