Web Application Testing

Hackers For Charity

Before performing a web application test, it is key that you first understand the basics of HTTP protocol and how it works to requests sent and to responses received.
You can go for the easier option of firing web application scanners like
Acunetix, Web Inspect , Nikto or any other web vulnerability scanner and they can do the work for you but even vulnerability scanners tend to miss some vulnerabilities.
If you dont have the basics with web application testing, I would suggest you first setup a simple lab with vulnerable web applications. Such applications include the famous Webgoat by OWASP, Foundstone Hacme series and there are also a few other good platforms you can use. Irongeek has documented a good list of vulnerable web applications here.

They are quite easy to setup and come with tutorials to guide you through every step, a great learning tool for the beginner and also the expert may see some things they overlook.
There are also some good books on Web application testing , a favourite of mine is by Wrox publishing: Pentesting for web applications. It covers well the basics to the expert stuff.
Fortunately OWASP have come up with a bundled application all in one live cd called the Lab Rat. It contains recent tools like Grendel, Maltego from the great Roelf T for information Gathering, and a lot of other cool tools. Check out the cd here

There are also several tools and plugins you can use during the web application process. My favourite tools are
Tamper Data– Firefox plugin to change on the fly data
Webscarab -Great proxy
w3af– Web application attack and auditing framework
Nikto– Web vuln scanner
Show ip– Firefox plugin to show ip address

Take time to learn and not to rush through the tutorials offered. the thing is that you understand how its done , not just to break it.
Happy web pentesting learning.

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s