Web application penetration testing methodology

by do son · Published August 24, 2019 · Updated October 10, 2021

SONY DSC

Web application penetration testing methodology

For web application penetration testing, generally divided into three stages: information gathering, vulnerability scanning, and exploitation. Here I am talking about each stage need to do things.

“DSC05476”by dfarrell07 is licensed under CC BY-SA 2.0

Information gathering

In the information collection phase, we need to collect as much information about the target web application as possible, such as the type of script language, the type of server, the structure of the directory, the open-source software used, the database type, all the links page, Frame and so on

The type of scripting language

Common types of scripting languages include: PHP, asp, aspx, jsp and so on

Test Methods

crawl all links to the site, view suffixes
direct access to a non-existent page followed by a different suffix test
View robots.txt to view the suffix

The type of server

Common web servers include: Apache, Tomcat, IIS, Nginx and so on

Test Methods

View the header, determine the server type
Judgment based on the error message
Judge by default page

The structure of the catalog

Understand more directories, you may find more weaknesses, such as directory browsing, code leakage and so on.

Test Methods

Use the dictionary enumeration directory
Use the crawler to crawl the entire site, or use a search engine such as Google to get it
Check if robots.txt is missing

Use the open-source software

If we know the target using the open-source software, we can find the relevant software vulnerabilities directly to the site for testing.

Test Methods

Fingerprint recognition (there are many open-source fingerprint recognition tools on the network)

Database type

There are different test methods for different databases.

Test Methods

make the application error, see the error message
scan the server’s database port

All links to the page

This is similar to the previous get the directory structure, but this is not just to get all the features of the site page, and sometimes can also get to the administrator backup source.

Test Methods

Use the dictionary to enumerate the page
Use the crawler to crawl the entire site, or use a search engine such as Google to get it
Check if robots.txt is missing

Use the frame

Many sites use the open-source framework to quickly develop the site, so the collection of the framework of the site information is also very critical.

Test Methods

Fingerprint recognition (there are many open-source fingerprint recognition tools on the network)

Vulnerability Scanning

At this stage we are doing the test time to prescribe the right medicine, can not blindly scan, first of all, to determine whether the target application is open-source software, an open-source framework, and then do a deep vulnerability scan.

The exploitation of open source software

Open-source software

Common open-source software are: WordPress, PhpBB, and so on

Open-source framework

Common open-source framework: Struts2, Spring MVC, ThinkPHP and so on

Middleware server

Common middleware servers are: jboss, tomcat, weblogic and so on

Database services

Common database services: mssql, mysql, oracle, redis, Sybase, MongoDB, DB2, etc.

For open-source software testing methods

through the fingerprint identification software to determine the version of open-source software information for different versions of the information to open the vulnerability database to find the corresponding version of the vulnerability to test
for the default background login page, database service port authentication and other entries can be a simple violent crack, the default password to try to operate
use open source vulnerability discovery tool for its vulnerability scanning, such as WPScan

On the application of independent development

Manual test

At this stage, we need to manually test all functions that interact with the user, such as message, login, order, exit, return, payment, and other operations

Software scanning

Use free software scanning, such as AppScan, HP WebInspect, Netsparker, BurpSuite and so on

Exploit

This stage is the final stage of web penetration testing, different vulnerabilities for different ways to use, the need for more knowledge points. In general, this stage includes two ways, one is manual testing, one is the tool test

Manual test

This way for a special filter and other operations, or the network is not forming the use of tools can be used in the skilled, they can write their own use of tools instead of manual operation, after all, manual operation is very tired. Sometimes can be combined with the server configuration problems, increase the success rate.