Monday, January 20, 2014

Manual Web Application Penetration Testing: Identifying Application Entry Points

Introduction
In this article, I will show you how to find injection points for your target host and how the webpage is encoded when it comes to the client side from the server.

Identifying Injection Points
If your web page is static, you cannot test it for security concern. You can test it at some sort of view but you can’t play with it much as compared to a dynamic page. The Nikto scanner is a good utility that works best in testing static sites. There has to be some interaction between client and server via login panel, comment section, register page, contact form, and so on.

No comments:

Post a Comment