Systematic and goal-oriented penetration testing would always start with the right methodology. The following diagram provides the approach to any web application hacking, the methodology is divided into target selection, spider and enumeration, vulnerability scanning, exploitation, covering tracks, and maintaining access:
The preceding approaches are explained in detail as follows:
- Set target: Setting the right target during a penetration test is very important, since attackers will focus on specific vulnerable systems to gain system-level access as per the Kill-chain method.
- Spider and enumerate: During this stage, attackers have already identified the list of web applications to dig deeper into specific vulnerabilities. Multiple methods are engaged to spider all the web pages to find everything relevant to advance into the next stage.
- Vulnerability scanning: All...
