So far in this book, we have identified and exploited vulnerabilities under conditions where they could be considered low-hanging fruit; that is, we knew the vulnerabilities existed, and when exploiting them we faced no prevention mechanisms and did not have to avoid being blocked by a web application firewall or similar.
The most common scenario in a real-world penetration test is that developers have made an effort to build a robust and secure application. Vulnerabilities may not be straightforward to find and may be completely or partially addressed, so they are either not present in the application or are at least hard to find and exploit. For this scenario, we need tools in our arsenal that allow us to discover ways to overcome these complications and to identify and exploit flaws that the developers thought they had prevented, but did...