Web application security - the fast guide 1.1 | Page 68
Chapter 4 - Be the attacker
P a g e | 68
time invested in Mapping and analysis phases this is why the attacker
needs to cover his trace and minimize the attack detection possibility.
Trace coverage is a process that should begin with mapping phase and
finalize the whole process.
4.4 Mapping
Network
Mediators
DNS
Server
OS
Mapping Infrastructure
Functionalities
Workflow
Components
Data
Mapping Application
Mapping includes all tasks done for the purpose of collecting information about
application and infrastructure of the potential victim.
Mapping infrastructure: mapping infra structure includes collecting
information about servers’ networks operating systems and DNS entries of the
potential victim.
Mapping Application: this includes creating a full profile for the application
comprising functionalities, components, flow and data.
We will cover those main tasks focusing on application mapping more than infra
structure due to the subject scope.
4.5 Mapping infrastructure
Even though that mapping infra structure is outside our course scope but it is
vital to remind with some of the main practices and tools that can be used in that
phase