In this article we’ll look at how web applications relate to network penetration testing and ethical hacking. In this up-front overview we’ll also define what a web application is. Some of the most widespread web application vulnerabilities found today are Cross-Site Request Forgery (XSRF), Cross-Site Scripting (XSS) and SQL Injection.
In the penetration testing and ethical hacking field, network tests are often considered a separate kind of project from web application tests. The skills associated with each kind of test are, for the most part, distinct and specialized. Some testers focus on network tests, dealing with finding flaws in network-accessible services and clients. Other testers specialize in finding flaws in web applications. A smaller number of testers work both sides, dealing with network tests and web app tests.
Even if you focus exclusively on network penetration tests, you still need to be familiar with various web application vulnerabilities and tools for testing web apps. Sometimes, we are asked in a network test to perform a cursory review of a web app. Other times, we need to interact with web app pen testers to share findings and cooperate in a given attack. And, for some of us, we need to be able to perform both network tests and web app tests.
Before we get into the guts of web application vulnerabilities and testing, let’s start out by defining a web application. There are two fundamental properties that define a web application. First, the web app is accessed across the network via HTTP and/or HTTPS. Second, web apps involve a web server. Those are the only two crucial properties that make a web application a web application.
Most (but not all) web applications involve a browser or related client that sends, receives, and renders HTML via HTTP and/or HTTPS. The browser may be a full-fledged browsing application, such as Internet Explorer or Firefox. Or, it could be a more specialized program, such as the iTunes music player. Furthermore, many (but not all) web apps involve a back-end database that stores information for the web application. The most popular database back-ends for web apps are Microsoft SQL Server, Oracle, and MySQL.
Most attacks in the wild today target flaws in these three components and in the ways they interact with each other: the logic of the web application on the web server, the interaction between the web server and the web browser (where Cross-Site Scripting and Cross-Site Request Forgery live), and the interaction between the web server and the database (where SQL Injection lives).
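To make the last two interaction points concrete, here is an added example (not code from the original article) that places a vulnerable server-side snippet beside its hardened form for each: a login query that concatenates user input into SQL (SQL Injection, the server-to-database interaction) versus a parameterized query, and a greeting page that reflects user input into HTML unencoded (XSS, the server-to-browser interaction) versus HTML-encoded output. The user table, credentials and attack payload are all constructed for the example; the code uses only the Python standard library (sqlite3 stands in for the back-end database).

```python
import html
import sqlite3


def make_db():
    """Constructed sample data: a tiny in-memory user table standing in for
    the web application's back-end database (not from the original page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


# --- Web server <-> database interaction ---------------------------------

def login_vulnerable(conn, username, password):
    """Builds the query by string concatenation, so attacker-controlled text
    becomes part of the SQL statement the database executes (SQL Injection)."""
    sql = (
        "SELECT username, role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchall()


def login_hardened(conn, username, password):
    """Parameterized query: the driver passes the values separately from the
    statement text, so quotes in the input never change the query structure."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# --- Web server <-> browser interaction ----------------------------------

def greet_vulnerable(name):
    """Reflects user input into the HTML response without encoding, so a
    browser will execute markup the user supplied (Cross-Site Scripting)."""
    return "<p>Hello, " + name + "</p>"


def greet_hardened(name):
    """HTML-encodes the input so the browser renders it as text, not markup."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


if __name__ == "__main__":
    conn = make_db()
    # Constructed injection payload: closes the password literal and appends
    # an always-true condition, so the WHERE clause matches every row.
    payload = "' OR '1'='1"
    print(login_vulnerable(conn, "x", payload))   # both users come back
    print(login_hardened(conn, "x", payload))     # no match: []

    script = "<script>alert(1)</script>"          # constructed XSS probe
    print(greet_vulnerable(script))               # script tag reaches the browser
    print(greet_hardened(script))                 # rendered as harmless text
```

The injected password turns the vulnerable query into `... WHERE username = 'x' AND password = '' OR '1'='1'`; since AND binds tighter than OR, the `'1'='1'` branch is true for every row and the attacker is "logged in" without a valid credential. The parameterized version sends the same string purely as data and matches nothing.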