Pen testing a CentOS

    • #8704
      ashksh1991
      Participant

      Hello All,
      I am new to hacking. I am curious to know how a server for a web application is pen tested, as in what the steps are and how to go about doing the code review. It will be great if someone can shed some light on that. Any lead will be really appreciated.

    • #53830
      dynamik
      Participant

      These will give you a general idea of the overall penetration testing process:
      http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
      http://www.pentest-standard.org/index.php/Main_Page

      In terms of the web application, OWASP has a section for code review, along with a ton of other resources for attacks, safeguards, tools, etc.:
      https://www.owasp.org/index.php/Category:OWASP_Code_Review_Project
      https://www.owasp.org

    • #53831
      ashksh1991
      Participant

      Hello Dynamik
      Thanks a lot for those links. They are highly resourceful.

      But I have one more question. If a web application server resides in a third-party infrastructure, how can one hack it? Any input will be useful.

      Thanks.

    • #53832
      hayabusa
      Participant

      Are you referring to a hosted app server, rather than a dedicated webserver, or what do you mean, specifically, by 'resides in a third-party infrastructure'?

      Regardless of where it resides, if you have access to it, the testing / hacking methodologies are the same, except that there may be additional permissions you need to secure to test the server, if it's owned by a third party. (Heck, they might not allow you to test it, but...) You might encounter web application firewalls, or have to avoid shared configurations, etc., so as not to breach ethics by hitting someone else's site / applications.

      But if permissions are obtained from ALL parties, the general testing is the same.

      Now, if you mean it's an internal webserver, and is not accessible to the outside, then you either need a way to access it (i.e., by pwning a client machine or other box you CAN reach that in some way, shape or form can access it), or physically get access to it.

      If I’m missing your idea, please feel free to elaborate.
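The post above makes two practical points that are easy to get wrong on a hosted target: every request must stay inside what all parties authorised, and a shared address must not be scanned as if it were the client's dedicated box. The script below is an added example written for this thread, not code from any poster or from Caendra; it models a pre-flight scope check a tester would run before touching a target. All addresses, host names, the fake DNS table and the "which names live on this address" table are constructed stand-ins for a real rules-of-engagement document, real DNS lookups and certificate/passive-DNS data.

```python
"""Pre-flight scope check for a hosted web-application test (added example).

Every target name must (1) be on the authorised list, (2) resolve only to
addresses the client owns or the third-party host has authorised, and (3)
be flagged as *shared* when the same address also serves names that are not
in scope, so the tester pins requests to the Host header and never runs
address-wide port or vulnerability scans against other tenants.
"""
import ipaddress
from dataclasses import dataclass

# --- constructed engagement data: stand-ins, not real hosts or addresses ---
AUTHORISED_CIDRS = ["203.0.113.0/24", "198.51.100.25/32"]
AUTHORISED_HOSTS = [
    "app.example-client.test",       # client's own dedicated box
    "staging.example-client.test",   # lives on a third-party shared host
    "cdn.example-client.test",       # one address outside the authorised ranges
    "intranet.example-client.test",  # internal only, no public address
]

# Stand-in for DNS resolution (name -> list of addresses).
FAKE_DNS = {
    "app.example-client.test": ["203.0.113.10"],
    "staging.example-client.test": ["198.51.100.25"],
    "cdn.example-client.test": ["203.0.113.10", "192.0.2.77"],
}

# Stand-in for "which names does this address serve" (in practice gathered from
# certificate SANs, reverse DNS or passive DNS before the test starts).
FAKE_VHOSTS = {
    "203.0.113.10": {"app.example-client.test", "cdn.example-client.test"},
    "198.51.100.25": {"staging.example-client.test",
                      "shop.other-tenant.test", "blog.another-tenant.test"},
    "192.0.2.77": {"cdn.example-client.test"},
}


@dataclass
class Verdict:
    target: str
    status: str          # "dedicated" | "shared" | "out-of-scope" | "unresolved"
    addresses: tuple
    other_tenants: tuple  # names on the same address that are NOT in scope
    note: str


def build_scope(cidrs, hosts):
    """Parse the authorised ranges and normalise the authorised host names."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    names = {h.lower().rstrip(".") for h in hosts}
    return nets, names


def check_target(target, cidrs=AUTHORISED_CIDRS, hosts=AUTHORISED_HOSTS,
                 resolve=FAKE_DNS.get, vhosts=FAKE_VHOSTS):
    """Decide whether, and how, `target` may be tested. Order matters: the
    cheapest refusal (name not listed) comes first."""
    nets, names = build_scope(cidrs, hosts)
    name = target.lower().rstrip(".")

    if name not in names:
        return Verdict(name, "out-of-scope", (), (),
                       "name is not on the authorised list; do not touch it")

    addrs = tuple(resolve(name) or ())
    if not addrs:
        return Verdict(name, "unresolved", (), (),
                       "no public address: an internal host is only reachable "
                       "through a box that can see it, which needs its own "
                       "authorisation")

    stray = tuple(a for a in addrs
                  if not any(ipaddress.ip_address(a) in n for n in nets))
    if stray:
        return Verdict(name, "out-of-scope", addrs, (),
                       "resolves to address(es) outside the authorised "
                       "ranges: " + ", ".join(stray))

    served = set().union(*(vhosts.get(a, set()) for a in addrs))
    tenants = tuple(sorted(served - names))
    if tenants:
        return Verdict(name, "shared", addrs, tenants,
                       "shared host: pin every request to this Host header; "
                       "no address-wide port or vulnerability scans")

    return Verdict(name, "dedicated", addrs, (),
                   "dedicated address: host-level testing allowed within the "
                   "rules of engagement")


if __name__ == "__main__":
    for host in AUTHORISED_HOSTS + ["www.other-tenant.test"]:
        v = check_target(host)
        print(f"{v.target:32} {v.status:13} {v.note}")
        if v.other_tenants:
            print(" " * 46 + "other tenants: " + ", ".join(v.other_tenants))
```

Running it prints one verdict per host: the dedicated box may be tested host-wide, the staging site on the shared address gets only Host-header-pinned application testing, the CDN name is refused because one of its addresses is not authorised, the intranet name is flagged as needing a pivot host (and separate permission) rather than a direct test, and an unlisted tenant is refused outright. In a real engagement the two fake tables would be replaced by actual resolution and a pre-test inventory of what else the hosting provider serves on the same address.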

Copyright ©2020 Caendra, Inc.