Web Application Penetration Testing (WAPT): Introduction
Hello world, let's start a new exciting journey about Web Application Penetration Testing (WAPT), a security testing method that involves identifying, analysing, and exploiting vulnerabilities in web applications with the aim of improving their resistance to cyber attacks. The primary goal of WAPT is to simulate a real-world attack on a web application's systems, much like a hacker would, but in a controlled and informed manner and from a defensive perspective.
These are the main steps involved in WAPT activity:
- Scope Definition: First of all, you need to understand the boundaries of the testing (e.g., the list of domains, subdomains, and functionalities). Everything else must be excluded if you want to avoid legal problems.
- Information Gathering: Collect as much information as possible about the web application in scope (e.g., technologies used and application structure). This can be done manually or through automated tools.
- Scanning & Vulnerability Assessment: Start by using automated scanners to identify simple vulnerabilities (e.g., SQL injection entry points and misconfigurations), then use your hacking skills to identify more complex vulnerabilities that cannot be identified automatically.
- Exploitation: This is the most interesting phase where the ethical hacker actually tries to exploit the previously identified vulnerabilities to understand the level of access that can be achieved and create a PoC (Proof of Concept). After the exploitation, in some cases, testers may also assess the possibility of maintaining a persistent threat within the web application.
- Reporting: Report all your findings, including PoCs and a list of possible recommendations to help developers fix the vulnerabilities found.
- Re-Testing: After vulnerabilities have been fixed by developers, you re-test the vulnerable web application functionalities to validate the countermeasures applied and to ensure that no new vulnerabilities have been introduced.
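The scope check in the first step is the one that keeps an engagement legal, so it is worth automating before any scanner is pointed at a host. The following is an added example, not code from the original post: a small Python helper that normalises a target URL and decides whether its host falls inside a defined scope. The scope values (`example.com`, the `*.example.com` wildcard, and the `admin`/`internal` exclusions) are constructed for illustration; a real engagement takes them from the signed scope document.

```python
from urllib.parse import urlsplit

# Constructed sample scope for illustration only; a real engagement takes these
# values from the signed scope document, never from assumptions.
IN_SCOPE = {"example.com", "*.example.com"}                    # exact host, or any subdomain
OUT_OF_SCOPE = {"admin.example.com", "*.internal.example.com"}  # exclusions always win


def host_of(target: str) -> str:
    """Return the normalised hostname of a URL or bare host string.

    Parsing with urlsplit (rather than searching the string) means a URL such as
    'https://example.com@evil.test/' resolves to its real host, evil.test.
    """
    if "://" not in target:
        target = "//" + target          # urlsplit only fills netloc after '//'
    host = urlsplit(target).hostname    # already lowercased, port stripped
    if not host:
        raise ValueError(f"cannot parse a host from {target!r}")
    return host.rstrip(".")             # drop a trailing FQDN dot


def matches(host: str, pattern: str) -> bool:
    """True if host equals pattern, or is a proper subdomain of a '*.' pattern."""
    pattern = pattern.lower()
    if pattern.startswith("*."):
        # '*.example.com' covers 'a.example.com' and 'a.b.example.com',
        # but not 'example.com' itself and not 'example.com.evil.test'.
        return host.endswith("." + pattern[2:])
    return host == pattern


def in_scope(target: str, allowed=IN_SCOPE, excluded=OUT_OF_SCOPE) -> bool:
    """Decide whether a target may be tested under the defined scope."""
    host = host_of(target)
    if any(matches(host, p) for p in excluded):
        return False                    # an explicit exclusion beats any allow rule
    return any(matches(host, p) for p in allowed)


def partition(targets, allowed=IN_SCOPE, excluded=OUT_OF_SCOPE):
    """Split a target list into (testable, blocked) before any tool sees it."""
    testable, blocked = [], []
    for t in targets:
        (testable if in_scope(t, allowed, excluded) else blocked).append(t)
    return testable, blocked


if __name__ == "__main__":
    # Constructed sample targets, including two look-alike hosts that a naive
    # substring check on "example.com" would wrongly accept.
    sample = [
        "https://example.com/login",
        "http://shop.example.com:8080/cart",
        "https://admin.example.com/",
        "https://db.internal.example.com/",
        "https://example.com.evil.test/",
        "https://example.com@evil.test/",
    ]
    ok, no = partition(sample)
    print("testable:", ok)
    print("blocked: ", no)
```

Running the block prints the first two sample targets as testable and the remaining four as blocked. The design choice worth noting is that exclusions are evaluated before allow rules and that wildcards only match proper subdomains, so an exclusion list can carve holes out of a broad wildcard and look-alike domains never slip through on a suffix match.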
In this journey, I will focus exclusively on the Exploitation step because it is the most interesting one. Here is the list of attacks and tools you will learn:
- SQL Injection
- SQLMap
- NoSQL Injection
- XSS (Cross-Site Scripting)
- CSRF (Cross-Site Request Forgery)
- Clickjacking
- CORS (Cross-Origin Resource Sharing)
- XXE (XML External Entity) Injection
- SSRF (Server-Side Request Forgery)
- HTTP Request Smuggling
- Command Injection
- Server-side Template Injection
- Path Traversal
- Broken Access Control
- JWT Vulnerabilities
- Web Cache Poisoning
- Insecure Deserialization
- Information Disclosure
- Business Logic Vulnerabilities
- HTTP Host Header Attacks
- Unrestricted File Upload
- Prototype Pollution
- GraphQL API Vulnerabilities
- Race Conditions
- Burp
If you are also interested in the other phases, please let us know! 😄
Do you want to suggest other interesting journeys to us? Please share your opinion below and let's build a supportive and informative community together! 🤝