Web application security - the fast guide 1.1 | Page 81
Chapter 4 - Be the attacker
Search the collected information for any sign of possible SQL injection, database errors, a root database account, or any code or discovered comment that might give partial or full access to the database.
Look for upload or download functionality with a path traversal vulnerability: relative paths that use double dots ( ..\ ) let an attacker read or manipulate files or folders outside the root directory by manipulating the parameters.
Check whether user-supplied data is displayed back in the page (cross-site scripting), and whether a cross-site script can be injected or stored through a file upload or an open editor.
Check whether unvalidated parameters can be pushed to pages that perform redirects, to test for unvalidated redirects and forwards or dynamic redirects.
Look for login issues and the possibility of a brute-force attack: any hints found about passwords or comments about user names can be added to the attack dictionary, which can minimize the effort and time needed to break in.
Isolate available information that might help in escalating privileges, such as cookies and session state information.
Using the collected information, try to identify unencrypted communication channels.
Identify interfaces to external systems; they might represent an information leakage point.
Analyze all generated error messages for information leakage.
Identify any pages that interact with a mail server, to try command or email injection.
Identify the usage of native code that might be a potential buffer overflow vulnerability.
Identify any known structure, folder names or themes from known third-party applications, which can open the door to searching for known vulnerabilities.
Identify common vulnerabilities in the web server in use.
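The two checklist items most often found during this mapping step, path traversal through upload/download parameters and unvalidated redirects, are also the two that a defender can verify mechanically. The block below is an added example, not code from the book: a lexical path guard that rejects the double-dot ( .. and ..\ ) forms described above, and an allow-list validator for redirect targets. The function names, the root directory, the host list and all sample inputs are constructed for this example.

```python
"""
Added example, not code from the book: defensive checks for two of the
checklist items above - the path-traversal item (double dots such as "..\\"
in upload/download parameters) and the unvalidated-redirect item.
Function names, the root directory, the host list and all sample inputs are
constructed for this example.
"""
import posixpath
from typing import Collection, Optional
from urllib.parse import urlparse


def safe_resolve(root: str, user_path: str) -> Optional[str]:
    """Resolve a user-supplied relative path under `root`.

    Returns the normalized path when it stays inside `root`, or None when
    the input would escape it (".." segments, "..\\" segments, absolute paths,
    drive letters or NUL bytes). Expects `user_path` to be URL-decoded once
    already, as a web framework normally does before handing it over.
    """
    if "\x00" in user_path:
        return None
    # Treat backslashes as separators so Windows-style "..\" is normalized too.
    candidate = user_path.replace("\\", "/")
    # Absolute paths and drive letters ("C:") never belong in a relative name.
    if candidate.startswith("/") or (len(candidate) > 1 and candidate[1] == ":"):
        return None
    root_norm = posixpath.normpath(root)
    resolved = posixpath.normpath(posixpath.join(root_norm, candidate))
    # The "/" suffix stops "/var/www/files2" from passing as inside "/var/www/files".
    if resolved != root_norm and not resolved.startswith(root_norm + "/"):
        return None
    # This is a lexical check only: on a real filesystem also compare
    # os.path.realpath() results so symlinks cannot point outside the root.
    return resolved


def safe_redirect(target: str, allowed_hosts: Collection[str], default: str = "/") -> str:
    """Return `target` if it is a site-local path or an allow-listed absolute
    URL; otherwise return `default` instead of redirecting off-site."""
    parsed = urlparse(target)
    if not parsed.scheme and not parsed.netloc:
        # "/account" is fine; "//evil.example" and "/\evil.example" are
        # scheme-relative forms that browsers treat as a different host.
        if target.startswith("/") and target[1:2] not in ("/", "\\"):
            return target
        return default
    # urlparse().hostname ignores userinfo, so "https://good@evil" resolves to "evil".
    if parsed.scheme in ("http", "https") and parsed.hostname in allowed_hosts:
        return target
    return default


if __name__ == "__main__":
    # Constructed sample inputs of the kind the checklist says to look for.
    ROOT = "/var/www/files"
    for p in ("reports/q1.pdf", "../../etc/passwd", "..\\..\\win.ini", "/etc/passwd"):
        print(f"{p!r:28} -> {safe_resolve(ROOT, p)}")
    HOSTS = {"app.example.com"}
    for t in ("/account", "//evil.example", "https://app.example.com/home",
              "https://app.example.com@evil.example/"):
        print(f"{t!r:42} -> {safe_redirect(t, HOSTS)}")
```

Both checks are deliberately strict: a traversal that normalizes back inside the root is allowed, anything that lands outside is refused rather than "cleaned", and a redirect that is not a single-slash local path or an allow-listed host falls back to a fixed default. When reviewing findings from the checklist, the same functions can be run over the parameter values that were collected to confirm which ones would actually have escaped the root or left the site.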
For web application security you can benefit from many available tools that help scan the application and give a good initial picture of the attack surface.
4.15 More mapping tools
4.15.1 OWASP Zed Attack Proxy Project:
ZAP is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.