Information gathering

Most types of penetration tests involve an information-gathering phase, which ensures that testers have the key information they need to conduct their assessment. This is not the case in a black box approach, which we will deal with later. Most information gathering is done for web-based application penetration testing, so the questions involved are generally geared toward web-based applications, such as those given here:

  • What platform is the application written in?
  • Does the application use any APIs?
  • Is the application behind a web application firewall (WAF)?
  • How does the application handle authentication?
  • Does the application use Active Directory credentials to authenticate users?
  • Do users access this application in any other way than through the web URL?
  • Is the application internet-facing or internal?
  • Does the application serve any sensitive information or system access?

For a penetration tester, understanding the target before any sort of attack is very important, as it helps in creating a profile of the potential target. Recovering user credentials/login accounts at this phase, for instance, will be vital to later phases of penetration testing, as it will help us gain access to vulnerable systems and networks. Next, we will discuss the essentials of threat modeling.
