Monday, February 3, 2014

Web App Pentest - Part 3 Fuzzing


When we test a web application, we do not test a single page; we test many pages of that one application. Each page may have more than one variable, so in practice you will be dealing with a large number of variables during a web application test. When you inject anything into an input, it is good to know what effect your injection has on the server. In this part of the article series we will look at the importance of simple alphabetic injection, along with web page encoding, and how it affects our testing and results.

Web App Pentest - Part 2 Identifying Injection Points

If your web page is static, you cannot really test it as far as security is concerned. You can examine it to some extent, but you cannot work with it nearly as much as with a dynamic page. The Nikto scanner is a good utility that works best for testing static sites. There has to be some interaction between client and server, via a login panel, comment section, registration page, contact us form and so on.