Web application security - the fast guide 1.1 | Page 74

Chapter 4 - Be the attacker

result using an open source tool like Maltego can be irresistible. Maltego helps visualize the relationships among people, organizations, web sites and Internet infrastructure, which aids information gathering, and it can find affiliations between components within an organization. Even with information as simple as a domain name or an IP address, it can query publicly available records to discover connections.

Figure 26: Maltego finds information about related sites and telephone numbers for a specific web site.

4.9.1 Use web server vulnerabilities:

A lot of the software frequently used on web servers is deployed with default configurations, folder structures and file locations, which makes it a good place to dig for information. A brute-force approach is also used to check for vulnerabilities in a known set of third-party applications and web server modules; an example of a good tool for that purpose is Wikto.

4.9.2 Mapping parameters:

Parameters can sometimes be mapped directly if they are sent through the query string, as in: http://myWebSite/addUser.php?name=sami&mobile=0987655441
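As an added illustration (not code from the book), the direct mapping of query-string parameters described above can be automated over a list of request URLs, for instance pulled from your own server's access log, to inventory which inputs each endpoint accepts and which of them show up only occasionally; apart from the URL quoted in the text, the sample URLs and the helper names are constructed for this example.

```python
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample of request URLs; the first one is the URL from the text,
# the rest are made up for this example.
SAMPLE_URLS = [
    "http://myWebSite/addUser.php?name=sami&mobile=0987655441",
    "http://myWebSite/addUser.php?name=lina&mobile=0987600000&role=admin",
    "http://myWebSite/viewUser.php?id=12",
    "http://myWebSite/viewUser.php?id=13&debug=",
    "http://myWebSite/index.php",
]


def map_parameters(urls):
    """Map each endpoint path to the sorted list of query parameter names seen on it.

    This is the "direct" mapping the section describes: every parameter in a
    query string is recorded against the path it was sent to, giving an
    inventory of the inputs each endpoint accepts (and so must validate).
    """
    param_map = {}
    for url in urls:
        parts = urlsplit(url)
        # keep_blank_values=True so that "debug=" still counts as a parameter
        names = parse_qs(parts.query, keep_blank_values=True).keys()
        param_map.setdefault(parts.path, set()).update(names)
    return {path: sorted(names) for path, names in param_map.items()}


def rare_parameters(urls):
    """Parameters that appear in fewer requests than their endpoint received.

    An input that only shows up now and then ("role", "debug" in the sample)
    is often an optional or undocumented parameter, which is exactly the kind
    of input that tends to escape validation and review.
    """
    per_path, per_param = Counter(), Counter()
    for url in urls:
        parts = urlsplit(url)
        per_path[parts.path] += 1
        for name in parse_qs(parts.query, keep_blank_values=True):
            per_param[(parts.path, name)] += 1
    rare = {}
    for (path, name), count in per_param.items():
        if count < per_path[path]:
            rare.setdefault(path, []).append(name)
    return {path: sorted(names) for path, names in rare.items()}


if __name__ == "__main__":
    print(map_parameters(SAMPLE_URLS))
    print(rare_parameters(SAMPLE_URLS))
```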