Introduction
People think that web application penetration testing is a simple task, but it's not, it involves a lot of duties before starting the tests. The main activities for web application penetration testing would be:
- Source Code Review or Static Code Analysis: This activity involves the analysis of the source code to identify bad security practices.
- Web Intrusion Test or Dynamic Code Analysis: This activity checks if the client's website is vulnerable to attacks like Cross-Site Scripting, SQL Injection, and so on.
- Infrastructure Test: This will involve the web server and the database server vulnerabilities assessment and exploitation if it's feasible.
- Information Gathering: In this activity, you will collect information about your client using the internet's resources. This test will reveal any data leakage to the public.
This chapter will help you to learn how to sign all the necessary contracts before starting the tests. Also, you will learn how to estimate, scope, and schedule your...