Part 1) Methodology.<\/em><\/strong>
Part 2) Client-side attacks.
<\/em><\/strong>Part 3) Server-side attacks.<\/em><\/strong>
<\/p>\n\n\n\n
In Part 1<\/em><\/strong> Methodology, I would be Sharing my knowledge with you about How to start with Web Application pen-testing? So Generally, What is Pen-testing? It’s a practice implemented to mitigate security threats in any domain<\/p><\/blockquote>\n\n\n\n Here we are going to discuss Web Application Pen-testing, There’s one point which I would like to make it clear that web application pen-testing is totally different than bug bounties. So Don’t get confused with it.<\/p>\n\n\n\n There are some security testing standards In web application pen-testing which you would like to follow Such as I would start with basic’s, one should have basic knowledge of how a web application works, some programming knowledge like HTML, CSS Javascript, PHP, MYSQL..etc. How would you go for it? let divide the web application pen-testing into two parts Client-side attacks are quite different. These are attacks that target vulnerabilities in client applications that interact with a malicious server or process malicious data. Here, the client initiates the connection that could result in an attack. If a client does not interact with a server, it is not at risk, because it doesn\u2019t process any potentially harmful data sent from the server. Client-side pen-testing may consist of vulnerabilities which often takes the form of unpatched software on a desktop or laptop. Depending on the nature of the vulnerable application, an attacker could exploit it via a specially-crafted email attachment or by convincing the user to visit a malicious Web site. Some targets include Web Browser’s, Adobe Acrobat, Macromedia Flash, QuickTime and Java Runtime Environment.<\/p>\n\n\n\n Some of the client side attacks might be like XSS, redirects, Phishing, Clickjacking, IDOR ..etc<\/p>\n\n\n\n Server-side attacks seek to compromise and breach the data and applications that are present on a server. \n\nIn client-side attacks generally what happens is that an attacker can Mess up with the external part of the website mostly but in the server side the attacker is able to change the code or many internal files.\n\n<\/p>\n\n\n\n How to start with Web Application Pen-Testing?<\/p>\n\n\n\n —————————————————————————————————————————————————————-<\/p>\n\n\n\n —————————————————————————————————————————————————————–<\/p>\n\n\n\n So how to go for Enumeration -> Enumeration -> Enumeration <\/p>\n\n\n\n My way for getting a description of the website is Virustotal<\/em><\/strong> After that, once the basic enumeration part is done I would like to go for, So this was my methodology for Web Application pen-testing.<\/p>\n\n\n\n Furthermore, Testing You can go through the Methodology given within the web application hackers handbook. Suppose there’s a Login page now, On the basic login page, we will be having a User name and password field, submit button, Forgot password and Terms and services page link.<\/p>\n\n\n\n https:\/\/xyz.com\/email=ascd@xyz.com&token=aaaasdfgfdhs1232#@$<\/em><\/strong> <\/p>\n\n\n\n Now here if the attacker is able to alter the email address and able to reuse the token or if he is successful in carrying out an HTTP pollution attack here, and if he is able to take over the account by this method then this attack can be called as a client-side attack.<\/p>\n\n\n\n Now on the same page, you can see that there is a terms and services field also, can you check the link given there? can we carry try to carry out an RFI (Remote file inclusion) attack there <\/p>\n\n\n\n
In Part 2<\/em><\/strong> Client-side attacks, I would go in detail for client-side attacks like How to attack? How to mitigate? What are the client side attacks?
In Part 3<\/em><\/strong> Server-side attacks, I would go in detail for Server-side attacks like How to attack? How to mitigate? What are the client side attacks? What is the attack scenario’s ..etc.<\/p>\n\n\n\n
As of me, <\/p>\n\n\n\n![\"\"\/](\"https:\/\/media.giphy.com\/media\/xUySTwI1AoIbf57QKk\/giphy.gif\")
<\/figure><\/div>\n\n\n\nHow to Start Web Application Pen-testing?<\/h4>\n\n\n\n
1) OWASP (Open Web Application Security Project)
2) SANS (Sysadmin, Audit, Network And Security )
3) OSSTMM ( Open source SecurityTesting Methodology Manual)
4) ISSAF ( Information Systems Security Assesment Framework)<\/p>\n\n\n\nIf you would ask me How to?<\/h5>\n\n\n\n
![\"\"](\"https:\/\/media.giphy.com\/media\/3ohc0ZPr8RR5QnjV4c\/giphy.gif\")
<\/figure><\/div>\n\n\n\n
basically, if you have the above then you are good to start web application pen-testing. After this, you Should get know how a web application works its workflow, like what is HTTP? https? …etc.<\/p>\n\n\n\n
1) Client side pen-testing
2) Server-side pen-testing<\/p>\n\n\n\nClient-side pen testing:<\/em><\/strong><\/h4>\n\n\n\n
Server-side Pen-Testing:<\/em><\/strong><\/h4>\n\n\n\n
Server-side attack target web server for downloading or viewing files like scripts, web shells, configuration files without proper authorization. Most of the time server-side attacks don’t require user interaction. These attacks can be used with web servers. We can also use them against a normal computer that people use every day. Some of the server side attacks are like RCE, Shell Uploading, RFI..etc.<\/p>\n\n\n\nEnumeration -> Enumeration -> Enumeration -> Scanning -> Manual testing<\/em><\/strong><\/h4>\n\n\n\n
Looking for subdomain go for Amass<\/em><\/strong>
Looking for any OSNIT info go for Spiderfoot<\/em><\/strong>
Looking for how the application is made using Wappalyzer<\/em><\/strong>
Check for the Components with known vulnerabilities like check for the server name and version which the site is working on, there might be chances that the server might be vulnerable to some RCE, INJECTIONS \u2026etc
Check for Low-level vulnerabilities like SPF, HTTP headers, NO rate limiting \u2026etc<\/p>\n\n\n\n
The medium level and high-level vulnerabilities like XSS, injections, Idor, chain attacks, Privilege escalation..etc.<\/p>\n\n\n\n
1) Analyze the application
2) Test for the client side workflow
3)Test the authentication workflow
4)Test for session management
5)Test for Acces controls
6) Test for Input based Vulnerabilities
7)Tests for business login errors
8) Test for privilege escalation
9) Test for Injection attacks
10) Test for server level attacks<\/p>\n\n\n\nNow let’s take an example,<\/h4>\n\n\n\n
![\"\"](\"https:\/\/ninadmathpati.com\/wp-content\/uploads\/2019\/06\/blog-login1.jpg\")
<\/figure>\n\n\n\n
Now here the client side attack will be like,
There’s a forgot password section in the login page, if the attacker gets a forgot password link such as <\/p>\n\n\n\n