Identify Attack Surface
• Client-side validation: is input validated on the server or only on the client?
• Possible SQL injection, database issues, a root database account, or any code or discovered comment that might give partial or full access to the database.
• Available upload or download functionality with path traversal.
• Check for the ability to display user-supplied data, upload a file, or open editors.
• Check for the ability to push unvalidated parameters to pages that perform redirects.
• Possibility of a brute-force attack.
• Isolate available information that might help in escalating privileges, such as cookies and session state information.
• Using the collected information, try to identify unencrypted communication channels.
• Identify interfaces to external systems; they might represent an information leakage point.
• Analyze all generated error messages for information leakage.
• Identify any pages that interact with a mail server, to try command or e-mail injection.
• Identify the use of native code that might be a potential vulnerability for buffer overflow.
• Identify any known structure, folder names, or themes from known third-party applications, which can open the door to searching for known vulnerabilities.
• Identify common vulnerabilities in the web server in use.
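Two of the checklist items above, unvalidated redirect parameters and path traversal in download functionality, lend themselves to a concrete server-side check. The following is an added example, not code from the book or its slides: it places a weak redirect check beside a hardened one and shows how a download handler can confine a user-supplied path to its download root. The function names, the allowed host `app.example.com`, and the download directory `/srv/downloads` are this example's own assumptions.

```python
"""Added example (not from the original slides): validating redirect targets
and confining download paths, two attack-surface items from the checklist.
All names, hosts and paths here are constructed for illustration."""
from pathlib import Path
from typing import Optional
from urllib.parse import urlparse

# Constructed allowlist: hosts that redirects may point to.
ALLOWED_HOSTS = {"app.example.com"}


def is_safe_redirect_weak(target: str) -> bool:
    """Weak check seen in many applications: rejects only targets that start
    with "http". Protocol-relative values such as "//evil.example.net" pass."""
    return not target.startswith("http")


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Hardened check: allow either a site-relative path or an absolute
    http(s) URL whose host is on the allowlist; reject everything else."""
    parsed = urlparse(target)
    if parsed.scheme == "" and parsed.netloc == "":
        # Site-relative path. urlparse puts "//host" forms into netloc, so they
        # do not reach this branch; still reject backslashes, which some
        # browsers normalise to forward slashes.
        return (
            target.startswith("/")
            and not target.startswith("//")
            and "\\" not in target
        )
    return parsed.scheme in ("http", "https") and parsed.hostname in allowed_hosts


def resolve_download_path(base_dir: str, user_path: str) -> Optional[Path]:
    """Resolve user_path under base_dir and confirm the result is still inside
    it. Returns None when the request escapes the download root, whether via
    "../" segments or via an absolute path that replaces the base."""
    base = Path(base_dir).resolve()
    candidate = (base / user_path).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample inputs, including the shapes a tester would probe.
    for t in ["/account/settings", "//evil.example.net/x",
              "https://app.example.com/home", "https://evil.example.net/x"]:
        print(f"{t!r}: weak={is_safe_redirect_weak(t)} hardened={is_safe_redirect(t)}")
    for p in ["reports/q1.pdf", "../../etc/passwd", "/etc/passwd"]:
        print(f"{p!r}: {resolve_download_path('/srv/downloads', p)}")
```

The redirect check parses the target rather than matching prefixes, because prefix matching is exactly what the protocol-relative and scheme-less forms defeat. The download check resolves the full path first and only then tests containment, so it handles `..` segments and absolute paths the same way.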
2017-05-10 Web Application Security Fast Guide (book slides) By Dr. Sami Khiami Slide 18