What does Web Application Penetration mean? Or what exactly is hacking into a website?
Hacking into a website basically means gaining the ability to perform any action that is not allowed or is prohibited.
It can include, but is not limited to, the following acts:
1) Taking control of the website
3) Downloading the entire database
4) Accessing someone else's session (masquerading)
5) Uploading malware, etc.
These risks arise from certain known issues that an attacker can exploit. These issues have been globally recognized as the OWASP Top 10. https://www.owasp.org/index.php/Top_10_2010
We, as Web App Security professionals, specialize in analyzing a website for these top 10 issues. A good majority of issues can be avoided or averted if these top 10 issues are closed or fixed; your website is then safe from a wide range of attacks. It is a globally accepted and recognized standard. It is called OWASP, or the Open Web Application Security Project.
As an attacker, I not only attack the website but also give recommendations to fix these loopholes, irrespective of the language in which your application is coded.
Website Penetration Testing can be done in 3 stages. The stages are mutually exclusive and do not depend on one another.
1) Black Hat Hacking: The client shall just provide the URL of the target website. My job would be to think like an attacker and try to hack into your website by trying to exploit the OWASP Top 10 vulnerabilities. In this...