Any professional pentesters or someone working in cybersecurity as a profession? I need some advice. The company I intern with right now wants me to test their web applications for security (they really don't care so much about security). I just wanted to know is there a standard set of procedures or a checklist that is usually followed? I know automated testing is not all that effective against web applications but what are the steps you usually take?
As of now, I have run tests and am now performing a code review but it's in PHP and I'm not really good with it. I'd like to know what more is done as a standard please.

  • 3
    Well, a few things you can try (from the back of my head):

    1. Try putting HTML into form fields. Is it rendered somewhere in the app? XSS vuln.

    2. Put quotes into form fields that you suspect are interacting with the database. Error 500 / Blank Page? Possibly SQLi

    3. Try your hand at an automated scanner - OWASP ZAP is FLOSS and very good - you set it up as a proxy, browse the target application and the tool automatically tries to exploit some things.

    4. Remember that you can change the things that select fields send as values - do so using your browser's inspector (or use an interceptor).

    5. Capture and modify requests to the target app, include (quoted) SQL, broken UTF-8 chars, HTML code, <script></script> tags and look at how the app handles it.

    6. Generally, mess around with anything you can (on the client side) and see if you can break anything on the server side.

    7. Fuzz it (aka send random bullcrap to the target app). There are tools for that.
  • 1
    @ilPinguino Thanks mate. I'll keep this in mind. :D
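
As an added example that is not part of the thread: why items 1 and 2 of the checklist above produce those symptoms, and what the corrected code looks like next to the weak one. It uses Python with an in-memory SQLite table rather than the PHP application under test; the table, function names and sample inputs are constructed for illustration.

```python
import html
import sqlite3

def make_db():
    # Constructed sample table standing in for the application's database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.execute("INSERT INTO users VALUES ('alice')")
    return db

def lookup_concat(db, name):
    """Weak: input is pasted into the SQL text. Returns an HTTP-like status."""
    try:
        db.execute("SELECT name FROM users WHERE name = '" + name + "'").fetchall()
        return 200
    except sqlite3.Error:
        return 500  # the quote changed the statement's syntax (item 2's symptom)

def lookup_param(db, name):
    """Fixed: input is bound as data, so a quote cannot alter the statement."""
    try:
        db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()
        return 200
    except sqlite3.Error:
        return 500

def render_raw(comment):
    """Weak: submitted text reaches the page as markup (item 1's symptom)."""
    return "<p>" + comment + "</p>"

def render_escaped(comment):
    """Fixed: output encoding turns markup characters into inert text."""
    return "<p>" + html.escape(comment) + "</p>"

def probe():
    """Send one quote and one harmless tag through both versions of each handler."""
    db = make_db()
    quote, markup = "o'brien", "<b>test</b>"  # constructed inputs
    return {
        "sql_concat": lookup_concat(db, quote),
        "sql_param": lookup_param(db, quote),
        "html_raw_rendered": markup in render_raw(markup),
        "html_escaped_rendered": markup in render_escaped(markup),
    }

if __name__ == "__main__":
    for check, result in probe().items():
        print(check, result)
```

During the PHP code review, the same two patterns are what to look for: request values concatenated into query strings instead of bound through prepared statements, and request values echoed into pages without output encoding.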