In this chapter, we will cover:
- Using Hackbar add-on to ease parameter probing
- Using Tamper Data add-on to intercept and modify requests
- Using ZAP to view and alter requests
- Using Burp Suite to view and alter requests
- Identifying cross site scripting (XSS) vulnerabilities
- Identifying error based SQL injection
- Identifying blind SQL Injection
- Identifying vulnerabilities in cookies
- Obtaining SSL and TLS information with SSLScan
- Looking for file inclusions
- Identifying POODLE vulnerability
We have now finished the reconnaissance stage of our penetration test and have identified the kind of server and development framework our application uses and also some of its possible weak spots. It is now time to actually put the application to test and detect the vulnerabilities it has.
In this chapter, we will cover the procedures to detect some of the most common vulnerabilities in web applications and the tools that allow us to discover and exploit them.
We will also be working with applications in vulnerable_vm and will use OWASP Mantra, as the web browser to perform the tests.
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.