In this section, we'll be looking at the tools used to identify possible vulnerabilities in web applications. Some of these tools, specifically Burp Suite and OWASP ZAP, go beyond performing vulnerability assessments against web and cloud applications and provide you with the ability to attack these vulnerabilities, and you will see them appear further into the chapter.

Based on the information we gather from the results of the various tools, we will be able to determine our attack vectors in attempts to gain access to the system through password attacks or exfiltrate data from databases or the system itself.