In this chapter, we examined websites and the services that they provide to authorized users from the perspective of an attacker. We applied the kill chain perspective to web services in order to understand the correct application of reconnaissance and vulnerability scanning.
Several different techniques were presented: we focused on the hacker's mindset while attacking a web application and the methodology used when penetration testing a web application; we learned how client-side proxies can be used to perform various attacks; and we looked at another set of tools that can perform brute-force attacks on websites and also run OS-level commands through a web application. Only a select few exploits were reviewed, and we completed the chapter with an examination of a web shell that is specific to web services.
In the next chapter...