May 28, 2014 at 7:25 pm #8704 ashksh1991 Participant
I am new to hacking. I am curious to know how a server for a web application is pen tested, as in what the steps are and how to go about doing the code review. It will be great if someone can shed some light on that. Any lead will be really appreciated.
May 29, 2014 at 12:33 am #53830 dynamik Participant
These will give you a general idea of the overall penetration testing process:
In terms of the web application, OWASP has a section for code review, along with a ton of other resources for attacks, safeguards, tools, etc.:
June 10, 2014 at 11:43 pm #53831 ashksh1991 Participant
Thanks a lot for those links. They are highly resourceful.
But I have one more question. If a web application server resides in a third-party infrastructure, how can one hack it? Any input will be useful.
June 13, 2014 at 9:48 pm #53832 hayabusa Participant
Are you referring to a hosted app server, rather than a dedicated webserver, or what do you mean, specifically, by ‘resides in a third party infrastructure’?
Regardless of where it resides, if you have access to it, the testing / hacking methodologies are the same, except that there may be additional permissions you need to secure, to test the server, if it’s owned by a third party. (Heck, they might not allow you to test it, but…) You might encounter web application firewalls, or have to avoid shared configurations, etc., so as not to breach ethics by hitting someone else’s site / applications.
But if permissions are obtained from ALL parties, the general testing is the same.
Now, if you mean it’s an internal webserver, and is not accessible to the outside, then you either need a way to access it (aka, by pwning a client machine or other box you CAN reach, that in some way, shape or form can access it), or physically get access to it.
If I’m missing your idea, please feel free to elaborate.