Web application security - the fast guide 1.1 | Page 80
Chapter 4 - Be the attacker
[Figure: outputs of the analysis stage: attack surface and attack feasibility]
Analyzing and understanding the meaning of the collected information is essential before moving on to the execution stage.
The main purposes of the analysis stage are to:
Specify the attack surface: work out which scenarios could be used to execute an attack and compromise the application.
Specify the feasibility of each scenario in terms of the resources and time it requires.
4.14 Attack analysis – Specify attack surface
[Figure: application attack surface]
With so much information collected, the attacker needs to know exactly where to begin; experience is essential at this stage and can save a lot of time.
The number of attack points can be very large, so the following is a practical checklist to start from when extracting the list of attack scenarios:
Client-side validation: a quick and useful first step is determining whether input validation is performed on the client, on the server, or on both sides. An easy entry point is often related to input validation that is performed only on the client side.
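The client-only validation pattern from the checklist item above beside its hardened form, as an added example that is not part of the book; the "quantity" and "username" fields, the handler names, the allowlist rules and the sample request bodies are assumptions constructed for illustration.

```javascript
// Client-side check: runs in the browser, so any request sent directly to the
// server never passes through it. (Hypothetical form fields, constructed here.)
function clientValidate(fields) {
  const qtyOk = /^[0-9]{1,3}$/.test(fields.quantity);
  const userOk = /^[a-z0-9_]{3,16}$/.test(fields.username);
  return qtyOk && userOk;
}

// Weak pattern the checklist item describes: the server assumes the client
// already validated and uses the fields as-is.
function handleOrderClientOnly(req) {
  return { status: 200, order: { user: req.body.username, quantity: Number(req.body.quantity) } };
}

// Hardened form: the server re-validates every field against its own allowlist
// rules, independent of whatever the client did or did not check.
const RULES = {
  quantity: (v) => typeof v === "string" && /^[0-9]{1,3}$/.test(v) && Number(v) > 0,
  username: (v) => typeof v === "string" && /^[a-z0-9_]{3,16}$/.test(v),
};

// Returns the list of field names that failed server-side validation.
function validateServer(body) {
  const errors = [];
  for (const [field, rule] of Object.entries(RULES)) {
    if (!rule(body[field])) errors.push(field);
  }
  return errors;
}

function handleOrderHardened(req) {
  const errors = validateServer(req.body || {});
  if (errors.length > 0) return { status: 400, errors };
  return { status: 200, order: { user: req.body.username, quantity: Number(req.body.quantity) } };
}

// Checklist helper: classify where validation lives by feeding one malformed
// body to both the client check and the server handler.
function classifyValidation(handler, badBody) {
  const clientRejects = !clientValidate(badBody);
  const serverRejects = handler({ body: badBody }).status === 400;
  if (clientRejects && serverRejects) return "both";
  if (clientRejects) return "client-only";
  if (serverRejects) return "server-only";
  return "none";
}

// Constructed malformed body: quantity has too many digits, username is too short.
const BAD_BODY = { quantity: "99999", username: "x" };
```

Running `classifyValidation` against each handler with `BAD_BODY` reports "client-only" for the weak handler and "both" for the hardened one, which is the distinction the checklist item asks you to establish.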