Codelivly  

Home » Ethical hacking » Learn Web Application Penetration Testing

ETHICAL HACKING

Learn Web Application Penetration

Testing
By Rocky ◆ February 4, 2023 ◆ Updated: February 4, 2023  No Comments  8 Mins Read

 Share     

Web application security is critical in today’s digital world, and web application penetration
testing is a crucial part of ensuring the security of your web applications. This is the process
of simulating an attack on a web application to identify vulnerabilities that could be exploited
by attackers.
In this article, we will explore the basics of web application penetration testing and the steps
involved in conducting a successful test.
1. Planning and reconnaissance
The first stage involves:
Defining the scope and goals of a test, including the systems to be addressed and the
testing methods to be used.
Gathering intelligence (e.g., network and domain names, mail server) to better
understand how a target works and its potential vulnerabilities.
2. Scanning
The next step is to understand how the target application will respond to various intrusion
attempts. This is typically done using:
Static analysis – Inspecting an application’s code to estimate the way it behaves while
running. These tools can scan the entirety of the code in a single pass.
Dynamic analysis – Inspecting an application’s code in a running state. This is a more
practical way of scanning, as it provides a real-time view into an application’s
performance.
3. Gaining Access
This stage uses web application attacks, such as cross-site scripting, SQL
injection and backdoors, to uncover a target’s vulnerabilities. Testers then try and exploit
these vulnerabilities, typically by escalating privileges, stealing data, intercepting traffic, etc.,
to understand the damage they can cause.
4. Maintaining access
The goal of this stage is to see if the vulnerability can be used to achieve a persistent
presence in the exploited system— long enough for a bad actor to gain in-depth access. The
idea is to imitate advanced persistent threats, which often remain in a system for months in
order to steal an organization’s most sensitive data.
5. Analysis
The results of the penetration test are then compiled into a report detailing:
Specific vulnerabilities that were exploited
 Sensitive data that was accessed
The amount of time the pen tester was able to remain in the system undetected
This information is analyzed by security personnel to help configure an enterprise’s WAF
settings and other application security solutions to patch vulnerabilities and protect against
future attacks.
Let’s look a closer look for the resources

#Resources To Learn
Learn How Certain Programming Languages Are Structured
No, you don’t need to be a master in every programming language ever created. You don’t
need the skills to single-handedly create the next Google. You do not need to be the tech-
equivalent of Michelangelo preparing to 3D print David.
You should, however, have a good sense of how certain programming languages are
structured. You should also understand command line.
There are many paid subscription programs out there, like Codecademy, that offer a strong,
structured way to learn programming languages. But as I promised, this is a compendium of
free and open source resources. Here are a few starting points:
● JavaScript
o Introduction to JavaScript (free from Codecademy)
o Learn JavaScript
● SQL
o SQLZoo
● Python
o Note: Python 2 has been deprecated. I recommend you use resources for Python 3.
o Learn Python
o Google’s Python Class
● Command Line
o A Command Line Crash Course
o A Command Line Primer for Beginners

Phase 1 — History
1. History of Internet

Phase 2 — Web and Server Technology

1. Basic concepts of web applications, how they work and the HTTP protocol
2. HTML basics part 1
3. HTML basics part 2
4. Difference between static and dynamic website
5. HTTP protocol Understanding
6. Parts of HTTP Request
7. Parts of HTTP Response
8. Various HTTP Methods
9. Understanding URLS
10. Intro to REST
11. HTTP Request & Response Headers
12. What is a cookie
13. HTTP Status codes
14. HTTP Proxy
15. Authentication with HTTP
16. HTTP basic and digest authentication
17. What is “Server-Side”
18. Server and client side with example
19. What is a session
20. Introduction to UTF-8 and Unicode
21. URL encoding
22. HTML encoding
23. Base64 encoding
24. Hex encoding & ASCII

Phase 3 — Setting up the lab with BurpSuite and bWAPP

MANISH AGRAWAL

1. Setup lab with bWAPP

2. Set up Burp Suite
3. Configure Firefox and add certificate
4. Mapping and scoping website
5. Spidering
6. Active and passive scanning
7. Scanner options and demo
8. Introduction to password security
9. Intruder
10. Intruder attack types
11. Payload settings
12. Intruder settings
ÆTHER SECURITY LAB

1. №1 Penetration testing tool

2. Environment Setup
3. General concept
4. Proxy module
5. Repeater module
 6. Target and spider module
7. Sequencer and scanner module

Phase 4 — Mapping the application and attack surface

1. Spidering
2. Mapping application using robots.txt
3. Discover hidden contents using dirbuster
4. Dirbuster in detail
5. Discover hidden directories and files with intruder
6. Identify application entry points
7. Identify application entry points Pt.2
8. Identify client and server technology
9. Identify server technology using banner grabbing (telnet)
10. Identify server technology using http recon

Phase 5 — Understanding and exploiting OWASP top 10

vulnerabilities
1. A closer look at all OWASP top 10 vulnerabilities
IBM

1. Injection
2. Broken authentication and session management
3. Cross-site scripting
4. Insecure direct object reference
5. Security misconfiguration
6. Sensitive data exposure
7. Missing functional level access controls
8. Cross-site request forgery
9. Using components with known vulnerabilities
10. Unvalidated redirects and forwards
F5 CENTRAL

1. Injection
2. Broken authentication and session management
3. Insecure deserialisation
4. Sensitive data exposure
5. Broken access control
6. Insufficient logging and monitoring
7. XML external entities
8. Using components with known vulnerabilities
9. Cross-site scripting
10. Security misconfiguration
LUKE BRINER

1. Injection explained
2. Broken authentication and session management
3. Cross-site scripting
4. Insecure direct object reference
5. Security misconfiguration
6. Sensitive data exposure
7. Missing functional level access control
8. Cross-site request forgery
9. Components with known vulnerabilities
10. Unvalidated redirects and forwards

Phase 6 — Bypassing client-side controls

1. What is hidden forms in HTML
2. Bypassing hidden form fields using tamper data
 3. Bypassing hidden form fields using Burp Suite (Purchase application)
4. Changing price on eCommerce website using parameter tampering
5. Understanding cookie in detail
6. Cookie tampering with tamper data
7. Cookie tamper part 2
8. Understanding referer header in depth using Cisco product
9. Introduction to ASP.NET viewstate
10. ASP.NET viewstate in depth
11. Analyse sensitive data in ASP.NET viewstate

Phase 7 — Attacking authentication/login

1. Attacking login panel with bad password — Guess username password for the website
and try different combinations
2. Brute-force login panel
3. Username enumeration
4. Username enumeration with bruteforce password attack
5. Authentication over insecure HTTP protocol
6. Authentication over insecure HTTP protocol Pt.2
7. Forgot password vulnerability — Case 1
8. Forgot password vulnerability — Case 2
9. Login page autocomplete feature enabled
10. Testing for weak password policy
11. Insecure distribution of credentials — When you register in any website or you request
for a password reset using forgot password feature, if the website sends your username
and password over the email in cleartext without sending the password reset link, then it
is a vulnerability.

Phase 8 — Attacking access controls (IDOR, Priv esc, hidden files

and directories)
Completely unprotected functionalities
 1. Finding admin panel
2. Finding admin panel and hidden files and directories
3. Finding hidden webpages with dirbuster
Insecure direct object reference

1. IDOR case 1
2. IDOR case 2
3. IDOR case 3 (zomato)
Privilege escalation

1. What is privilege escalation

2. Privilege escalation
3. Privilege escalation — Case 2

Phase 9 — Attacking data stores (Various types of injection

attacks — SQL|MySQL|NoSQL|Oracle, etc.)
Bypassing login panel

1. Basics of MySQL
2. Bypassing login panel — Case 1
3. Bypass login panel — Case 2
SQL injection

1. Part 1 — Install SQLi lab

2. Part 2 — SQL lab series
3. Part 3 — SQL lab series
4. Part 4 — SQL lab series
5. Part 5 — SQL lab series
6. Part 6 — Double query injection
 7. Part 7 — Double query injection cont..
8. Part 8 — Blind injection boolean based
9. Part 9 — Blind injection time based
10. Part 10 — Dumping DB using outfile
11. Part 11 — Post parameter injection error based
12. Part 12 — POST parameter injection double query based
13. Part 13 — POST parameter injection blind boolean and time based
14. Part 14 — Post parameter injection in UPDATE query
15. Part 15 — Injection in insert query
16. Part 16 — Cookie based injection
17. Part 17 — Second order injection
18. Part 18 — Bypassing blacklist filters — 1
19. Part 19 — Bypassing blacklist filters — 2
20. Part 20 — Bypassing blacklist filters — 3
21. Part 21 — Bypassing WAF
22. Part 22 — Bypassing WAF — Impedance Mismatch
23. Part 23 — Bypassing addslashes — CharSet Mismatch
NoSQL injection

1. Abusing NoSQL databases

2. Making cry — attacking NoSQL for PenTesters
Xpath injection

1. Detailed introduction
2. Practical 1 — bWAPP
3. Practical 2 — Mutillidae
4. Practical 3 — WebGoat
LDAP injection
 1. Introduction and practical 1
2. Practical 2

Phase 10 — Attacking back-end components (OS command

injection, XMl interpreters, mail services, etc.)

OS command injection
1. OS command injection in bWAPP
*******************************************************************

Conclusion
In conclusion, web application penetration testing is an essential component of a
comprehensive security program. By simulating real-world attacks, penetration testers can
identify and mitigate vulnerabilities that could be exploited by malicious actors.
To be an effective web application penetration tester, it is important to have a strong
foundation in web technologies, web application architecture, databases, networking,
operating systems, scripting, and security concepts. In addition, a penetration tester should
have excellent problem-solving skills, the ability to think creatively, and strong communication
skills.
The exploitation process involves several steps, including reconnaissance, vulnerability
assessment, exploitation, post-exploitation, and clean-up. It is important to remember that
exploitation should only be performed by trained security professionals in a controlled
environment and with the explicit consent of the system owner.
By understanding the process and skills required for web application penetration testing,
organizations can better protect their systems and data from malicious actors.
If you found this article helpful, please give it some 👏 and share it with anyone who you think
might find it helpful too! + Feedback
 ethical hacking pentesting web application pentesting

     

 PREVIOUS ARTICLE NEXT ARTICLE 

Social Engineering Attack Life Cycle: The Seven Common Ways To Bypass Login
Art of Human Hacking Page

Rocky     

Rocky is a versatile author sharing in-depth tutorials on web development, AI, and ethical
hacking. Unlock new possibilities and expand your knowledge with Rocky's empowering
content.

Related Posts

CYBER SECURITY NETWORKING

So You Want to Be a Hacker: 2024 Edition Mastering Networking Fundamentals: A

May 8, 2024 Comprehensive Guide for Hackers
April 7, 2024
ETHICAL HACKING

Multiple Ways To Exploiting HTTP

Authentication
March 30, 2024

ADD A COMMENT

Search … SEARCH

Support Us
ABOUT US

This is the Codelivly blog. Here, you will find articles discussing various topics related to coding
and programming. Our goal is to provide helpful resources and advice for beginners and
experienced coders alike.

RECENT POSTS

So You Want to Be a Hacker: 2024 Edition

What is Active Directory? A Beginner’s Guide
Mastering Networking Fundamentals: A Comprehensive Guide for Hackers
Multiple Ways To Exploiting HTTP Authentication
Bypassing Two-Factor Authentication

IMPORTANT PAGE

About Us
Advertise With Us
Contact US
Privacy Policy
Refund Policy
Write For Us

     

© 2024 Codelivly. All Right Reserved