Are you referring to a hosted app server, rather than a dedicated webserver, or what do you mean, specifically, by 'resides in a third party infrastructure' ?
Regardless of where it resides, if you have access to it, the testing / hacking methodologies are the same, except that there may be additional permissions you need to secure, to test the server, if it's owned by a third party. (Heck, they might not allow you to test it, but...) You might encounter web application firewalls, or have to avoid shared configurations, etc, so as not to breach ethics by hitting someone else's site / applications.
But if permissions are obtained from ALL parties, the general testing is the same.
Now, if you mean it's an internal webserver, and is not accessible to the outside, then you either need a way to access it (aka, by pwning a client machine or other box you CAN reach, that in some way, shape or form can access it), or physically get access to it.
If I'm missing your idea, please feel free to elaborate.
~ hayabusa ~
"All men can see these tactics whereby I conquer,
but what none can see is the strategy out of which victory is evolved."
- Sun Tzu, 'The Art of War'
OSCE, OSCP (Former - GPEN, C|EH - both expiring / expired)