WEB APPLICATION SECURITY TESTING – 6. ATTACKING AUTHENTICATION

This lesson is for learning/educational purposes only. Use it at your own risk.

AUTHENTICATION TECHNOLOGIES

A wide range of technologies is available for authentication mechanisms:

- HTML form-based authentication
- Multifactor mechanisms, such as combining a password with a physical token
- Client SSL certificates and/or smartcards
- HTTP authentication (Basic or Digest challenges in the WWW-Authenticate header)
- Windows-integrated authentication using NTLM or Kerberos

90% of web apps use…
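Before attacking authentication, a tester first has to recognise which of the mechanisms listed above an application uses. The script below is an added example (not code from the original series) that fingerprints the mechanism from a raw HTTP response: a 401 carrying WWW-Authenticate challenges identifies HTTP Basic, HTTP Digest, or Windows-integrated auth (NTLM, or Negotiate, which wraps Kerberos and NTLM), while a 200 whose body contains a password field indicates form-based login. It also builds the Authorization header Basic auth would send, to make the point that Basic only base64-encodes the credentials. The sample responses, realm, nonce and cookie values are all constructed for this example. Client certificates and smartcards are negotiated in the TLS handshake, not in HTTP headers, so this script cannot detect them.

```python
"""Fingerprint the authentication mechanism a web application advertises.

Added example for this lesson; not code from the original blog series.
Every response below is constructed, not captured from any real site.
"""
import base64
import re
from typing import Dict, List, Tuple

# Constructed sample responses (status line, headers, body), one per mechanism.
SAMPLES: Dict[str, str] = {
    "basic": (
        "HTTP/1.1 401 Unauthorized\r\n"
        'WWW-Authenticate: Basic realm="Admin Area"\r\n'
        "Content-Length: 0\r\n\r\n"
    ),
    "digest": (
        "HTTP/1.1 401 Unauthorized\r\n"
        'WWW-Authenticate: Digest realm="api", qop="auth", '
        'nonce="dcd98b7102dd2f0e", opaque="5ccc069c"\r\n'
        "Content-Length: 0\r\n\r\n"
    ),
    "windows": (
        "HTTP/1.1 401 Unauthorized\r\n"
        "WWW-Authenticate: Negotiate\r\n"
        "WWW-Authenticate: NTLM\r\n"
        "Content-Length: 0\r\n\r\n"
    ),
    "form": (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: text/html\r\n"
        "Set-Cookie: JSESSIONID=abc123; Path=/; HttpOnly\r\n\r\n"
        '<html><body><form action="/login" method="post">'
        '<input name="user"><input type="password" name="pass">'
        "<button>Sign in</button></form></body></html>"
    ),
}


def parse_response(raw: str) -> Tuple[int, List[Tuple[str, str]], str]:
    """Split a raw HTTP response into (status_code, headers, body).

    Headers come back as a list of (name, value) pairs, not a dict, because
    WWW-Authenticate may legitimately appear several times in one response.
    """
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers: List[Tuple[str, str]] = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers, body


def parse_challenge(value: str) -> Tuple[str, Dict[str, str]]:
    """Parse one WWW-Authenticate value into (scheme, {param: value})."""
    scheme, _, params = value.partition(" ")
    kv = dict(re.findall(r'(\w+)="?([^",]*)"?', params))
    return scheme, kv


def identify_auth(raw: str) -> dict:
    """Describe the mechanism a response advertises and its useful parameters."""
    status, headers, body = parse_response(raw)
    challenges = [parse_challenge(v) for n, v in headers if n == "www-authenticate"]
    schemes = [s.lower() for s, _ in challenges]
    result = {"status": status, "schemes": schemes, "mechanism": "unknown", "params": {}}

    if status == 401 and challenges:
        if any(s in ("ntlm", "negotiate") for s in schemes):
            result["mechanism"] = "windows-integrated"
        elif "digest" in schemes:
            result["mechanism"] = "http-digest"
            result["params"] = dict(challenges[schemes.index("digest")][1])
        elif "basic" in schemes:
            result["mechanism"] = "http-basic"
            result["params"] = dict(challenges[schemes.index("basic")][1])
        else:
            result["mechanism"] = "http-other"
    elif re.search(r'<input[^>]+type="password"', body, re.I):
        # No HTTP challenge but a password field: the app rolls its own login form.
        result["mechanism"] = "form-based"
        m = re.search(r'<form[^>]*action="([^"]*)"[^>]*method="(\w+)"', body, re.I)
        if m:
            result["params"] = {"action": m.group(1), "method": m.group(2).upper()}
    return result


def basic_authorization(user: str, password: str) -> str:
    """Build the header Basic auth sends: base64 is encoding, not encryption."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", identify_auth(raw))
    print(basic_authorization("alice", "s3cret"))
```

The form-based branch only fires when no HTTP challenge is present, so an application that fronts a login page with Basic auth is still reported as HTTP Basic; on a real engagement you would run the check against each entry point found during application mapping rather than the landing page alone.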

WEB APPLICATION SECURITY TESTING – 4. APPLICATION MAPPING

This is lesson four of the Web Application Security Testing blog series. This part of the series covers how a web penetration tester should map an application before attacking it. You'll learn how to enumerate content and functionality and how to map the application's attack surface.

WEB APPLICATION SECURITY TESTING – 3. WEB COMMUNICATIONS

This is lesson three of the Web Application Security Testing blog series. In this lesson, we'll learn the basics of web communication: the HTTP and HTTPS protocols, the various HTTP request and response headers, the HTTP request methods, and the encoding schemes used during communication.

WEB APPLICATION SECURITY TESTING – 2. CORE DEFENSE MECHANISMS

This is lesson two of the Web Application Security Testing blog series. This lesson introduces the core defense mechanisms commonly employed by current web applications. It describes how user input, user access, and attackers are handled by the application.