Pentesting of web application
Pentesting is basically security testing of an application using different attack vectors. We can divide it into two parts.
- Automated Pentesting (Tool Based Testing / Black Box Testing)
- Manual Pentesting
- Automated Pentesting: We give the URL to the tool, and it performs all of its tests on that URL using its predefined definitions.
- Manual Pentesting: Manual pentesting requires good knowledge of an intercepting tool such as Burp Suite, and patience. Using Burp Suite, you need to cover the whole site manually and with Burp Suite's Spider feature. Tool-based pentesting may miss some parts of the pages; we need to find those areas and test them. Example: suppose a page has 2-3 dropdowns. Selecting a value in the first dropdown fetches the values for the second, and selecting a value in the second makes values appear in the third. When a tool tests this page, it selects only the first dropdown and skips the second and third. So we need to find these types of areas.
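One way to find such areas before a manual pass, as an added example that is not part of the original page: the script below parses a page's static HTML and lists the dropdowns that have no real options yet, which are the ones filled in at runtime and likely skipped by an automated tool. The names `SelectAudit` and `selects_needing_manual_test` and the sample page are constructed for this illustration.

```python
from html.parser import HTMLParser

class SelectAudit(HTMLParser):
    """Collect each <select> and count the options that carry a real value."""
    def __init__(self):
        super().__init__()
        self.selects = []   # [name, real_option_count], in document order
        self._open = None   # entry for the <select> currently being parsed

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "select":
            self._open = [a.get("name") or a.get("id") or "(unnamed)", 0]
            self.selects.append(self._open)
        elif tag == "option" and self._open is not None:
            # value="" marks a placeholder such as "-- choose --".
            # An option with no value attribute submits its text, so count it.
            if (a.get("value", "x") or "").strip():
                self._open[1] += 1

    def handle_endtag(self, tag):
        if tag == "select":
            self._open = None

def selects_needing_manual_test(html):
    """Names of dropdowns that have no real options in the static markup."""
    parser = SelectAudit()
    parser.feed(html)
    return [name for name, count in parser.selects if count == 0]

# Constructed sample: three chained dropdowns, only the first is pre-filled.
SAMPLE_PAGE = """
<form action="/search">
  <select name="country">
    <option value="">-- choose --</option>
    <option value="IN">India</option>
    <option value="US">United States</option>
  </select>
  <select name="state"></select>
  <select id="city"><option value="">-- choose --</option></select>
</form>
"""

if __name__ == "__main__":
    for name in selects_needing_manual_test(SAMPLE_PAGE):
        print("cover manually:", name)
```

Run it over the pages saved from the crawl; each reported dropdown is a place to drive by hand through the intercepting proxy so the dependent requests get tested.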