Summary

In this chapter, we examined web apps and the user authorization services they provide from the perspective of an attacker. We applied the kill chain perspective to web applications and their services in order to understand the correct application of reconnaissance and vulnerability scanning.

Several techniques were presented; we focused on the hacker's mindset when attacking a web application and looked at the methodology used when penetration testing one. We learned how client-side proxies can be used to perform various attacks, looked at tools for brute-forcing websites, and covered OS-level commands issued through web applications.

We completed the chapter with an examination of a web shell specific to web services.

In Chapter 8, Client-Side Exploitation, we will learn how to identify and attack client-side exploits that connect users to web services, and how to escalate privileges to achieve the objective.
