Identify Attack Surface
• Input validation: is it performed on the server or only on the client side?
• Possible SQL injection, database issues, use of a root database account, or any code or discovered comment that might give partial or full access to the database.
• Available upload or download functionality exposed to path traversal.
• Check for the ability to display user-supplied data, upload a file, or open editors.
• Check whether unvalidated parameters can be passed to pages that perform redirects.
• Possibility of brute-force attacks.
• Isolate available information that might help escalate privileges, such as cookies and session state information.
• Using the collected information, try to identify unencrypted communication channels.
• Identify interfaces to external systems; they might represent an information leakage point.
• Analyze all generated error messages for information leakage.
• Identify any pages that interact with a mail server, to test for command or email injection.
• Identify the use of native code that might be vulnerable to buffer overflow.
• Identify any known structures, folder names, or themes from known third-party applications, which can open the door to searching for known vulnerabilities.
• Identify common vulnerabilities in the web server in use.
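The error-message item in the list above can be turned into a repeatable review step. The sketch below is an added example, not part of the original slides: it scans recorded HTTP responses from your own application for database errors, stack traces, filesystem paths and server version banners. The pattern set, function names and sample responses are constructed assumptions.

```python
import re

# Illustrative signatures only (an assumption of this example), not a complete set.
LEAK_PATTERNS = {
    "sql_error": re.compile(
        r"SQL syntax.*MySQL|ORA-\d{5}|SQLSTATE\[\w+\]|unclosed quotation mark", re.I),
    "stack_trace": re.compile(
        r"Traceback \(most recent call last\)|^\s+at [\w.$]+\(.*\.java:\d+\)", re.M),
    "file_path": re.compile(r"(?:/var/www|/home|/usr)/[\w./-]+"),
    "server_banner": re.compile(r"\b(?:Apache|nginx|Microsoft-IIS)/\d+(?:\.\d+)+", re.I),
}

def find_leaks(headers, body):
    """Return the sorted leak categories present in one response."""
    # Headers are scanned too, because version banners usually live there.
    text = "\n".join(f"{k}: {v}" for k, v in headers.items()) + "\n" + body
    return sorted(name for name, rx in LEAK_PATTERNS.items() if rx.search(text))

def audit(responses):
    """Map each URL to its leak categories; clean responses are omitted."""
    report = {}
    for r in responses:
        leaks = find_leaks(r["headers"], r["body"])
        if leaks:
            report[r["url"]] = leaks
    return report

# Constructed sample responses (not captured from any real system).
SAMPLES = [
    {"url": "/item?id=abc", "headers": {"Server": "Apache/2.4.1"},
     "body": "You have an error in your SQL syntax; check the manual "
             "that corresponds to your MySQL server version"},
    {"url": "/profile", "headers": {"Server": "web"},
     "body": "Traceback (most recent call last):\n"
             '  File "/var/www/app/views.py", line 10, in show\n'
             "KeyError: 'id'"},
    {"url": "/report", "headers": {"Server": "web"},
     "body": "java.lang.NullPointerException\n"
             "    at com.example.Report.render(Report.java:42)"},
    {"url": "/missing", "headers": {"Server": "web"}, "body": "Not found"},
]

if __name__ == "__main__":
    for url, leaks in audit(SAMPLES).items():
        print(url, "->", ", ".join(leaks))
```

Any URL that appears in the report is a candidate for replacing the detailed error with a generic message and logging the detail server-side.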
2017-05-10 Web Application Security Fast Guide (book slides) By Dr. Sami Khiami Slide 18